Apple patches iOS and macOS zero-day exploited in the wild

Apple has released security updates today to patch a new zero-day vulnerability that Google's security team said has been exploited in the wild to compromise user devices.

Tracked as CVE-2021-30869, the vulnerability resides in XNU, the kernel component that ships with modern Apple systems.

According to Shane Huntley, head of the Google Threat Analysis Group, the XNU zero-day was part of a two-part exploit chain.

Huntley said attackers used the zero-day in conjunction with an already known WebKit vulnerability to execute malicious code inside a user's browser and escalate privileges for their code to take over affected devices.

Huntley said his team plans to reveal more details about the attack after 30 days, giving users more time to apply patches before technical details are available online, something that may help other threat actors develop their own exploits as well.

Patches for the zero-day have been made available for macOS Catalina and iOS 12.5.5, suggesting that the exploit doesn't work in recent iOS versions such as iOS 14 and 15.

macOS Catalina security updates are here.

iOS 12.5.5 security updates are here.

In addition, Apple has also backported patches for two other zero-days that it patched on September 13.

Initially patched for iOS 14, patches for CVE-2021-30860 and CVE-2021-30858 are now also available for old-gen iPhones running iOS 12.

The XNU zero-day marks the sixteenth zero-day Apple has patched in 2021.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.