Apple has released security updates that patch a zero-day bug exploited by cybercriminals to hack iPhones and Macs running older versions of iOS and macOS.
Zero-Day Apple Bug: Behavior
The zero-day, tracked as CVE-2021-30869, was announced by two researchers from the Google Threat Analysis Group, Clément Lecigne and Erye Hernandez, together with Ian Beer, the expert from Google Project Zero.
The bug was identified in the XNU operating system kernel, which is the core of the operating system. Successful exploitation could result in arbitrary code execution with kernel privileges.
The Threat Posed by Zero-Days to iOS and macOS This Year
It seems that iOS and macOS devices have been hit by a ceaseless stream of zero-day bugs lately.
According to BleepingComputer, here’s an overview of the zero-days this year:
- In February, three flaws came to light, CVE-2021-1870, CVE-2021-1871, and CVE-2021-1872, all massively exploited by hackers.
- CVE-2021-1879 was the highlight of March for iOS.
- April was no quieter, as CVE-2021-30661 was discovered in iOS and CVE-2021-30657 in macOS.
- In May, CVE-2021-30663, CVE-2021-30665, and CVE-2021-30666 were identified in iOS, leading to RCE just by visiting malicious web pages, along with CVE-2021-30713 in macOS, through which XCSSET malware managed to bypass Apple’s TCC.
- June also brought CVE-2021-30761 and CVE-2021-30762 in iOS.
- Finally, two vulnerabilities were identified this month alone, one of them aimed at deploying Pegasus spyware on iPhones.
What Is a Zero-Day Bug?
Now it’s worth understanding what a zero-day bug is. As described in our article about zero-day attacks, a zero-day vulnerability is a flaw in software that has recently been identified and is still unpatched. Generally, hackers find this kind of bug and start exploiting it before security researchers become aware of the threat. But there are also cases when experts discover it and do not announce it until it is patched.
The zero-day attack is what follows once hackers find out about the vulnerability and start exploiting it.
Impacted Devices
In the case of CVE-2021-30869, the impacted devices were iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) running iOS 12.5.5, and Macs running macOS Catalina.
How to Update Your Apple Device?
Here’s how to install the latest updates from Apple:
To update iPhone
Go to the Settings menu, then click on General and choose Software Update.
To update macOS
Go to the Apple icon, choose System Preferences, and then Software Update.
It’s worth mentioning that Apple devices can update automatically if automatic updates are toggled on.