Apple patches iOS and macOS zero-day exploited in the wild

Apple has released security updates today to patch a new zero-day vulnerability that Google's security team said has been exploited in the wild to compromise user devices.

Tracked as CVE-2021-30869, the vulnerability resides in XNU, the kernel component that ships with modern Apple systems.

According to Shane Huntley, head of the Google Threat Analysis Group, the XNU zero-day was part of a two-part exploit chain.

Huntley said attackers used the zero-day in conjunction with an already known WebKit vulnerability to execute malicious code inside a user's browser and escalate privileges for their code to take over affected devices.

0day privilege escalation for macOS Catalina discovered in the wild by @eryeh https://t.co/yvCWPo45fL

We saw this used in conjunction with a N-day remote code execution targeting webkit.

Thanks to Apple for getting patch out so quickly.

— Shane Huntley (@ShaneHuntley) September 23, 2021

Huntley said his team plans to reveal more details about the attack after 30 days, giving users more time to apply patches before technical details are available online, something that may help other threat actors develop their own exploits as well.

Patches for the zero-day have been made available for macOS Catalina and iOS 12.5.5, suggesting that the exploit doesn't work in recent iOS versions such as iOS 14 and 15.

macOS Catalina security updates are here.

iOS 12.5.5 security updates are here.

In addition, Apple has also backported patches for two other zero-days that it patched on September 13.

Initially patched for iOS 14, patches for CVE-2021-30860 and CVE-2021-30858 are now also available for old-gen iPhones running iOS 12.

The XNU zero-day marks the sixteenth zero-day Apple has patched in 2021.