27.09.2021 Apple Updates Fix Another Exploited Vulnerability

by Elena Lapina

On 23 September 2021, Apple released security updates to fix a vulnerability, exploited by threat actors, in older versions of iOS and macOS. We recommend applying the latest updates as soon as possible.

Details

  • A privilege escalation vulnerability, CVE-2021-30869, could allow a malicious application to execute arbitrary code with the highest privileges. Apple addressed a confusion error in XNU, the OS kernel used by macOS and iOS; the latest update introduces improved state handling. A threat actor would need to authenticate on the system to exploit this vulnerability.
  • The flaw is being exploited together with other previously reported vulnerabilities:
    • CVE-2021-30860 (in the CoreGraphics framework)
    • CVE-2021-30858 (in the WebKit browser engine)
    • For these two vulnerabilities, the updates for iOS 14 were released on 13 September, but are now also available for iOS 12.
  • The following Apple updates need to be applied to fix these vulnerabilities:
    • iOS 12.5.5 for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
    • Security Update 2021-006 for macOS Catalina

Recommendations 

  • If you are using any of the vulnerable Apple products, ensure you have the latest updates installed.
  • Check for and install software updates on your device manually by going to Settings > General > Software Update.
