Apple Warns Users of Zero-Day Vulnerability

The issue affects both Mac and iPhone devices

Apple has issued a warning for its users about a zero-day bug that is being exploited by threat actors.

The exploit, dubbed CVE-2021-30869, affects both Mac and iPhone users, but Apple has quickly released respective patches to fix the problem.

hacker in hoodie

Witthaya Prasongsin/Getty Images

The bug wasn’t discovered by Apple, but rather by members of Google’s Threat Analysis Group and Project Zero teams, seeking to protect users from hackers and zero-day vulnerabilities.

Apple has kept quiet about the flaw and not shared any details other than stating it allowed hackers “…to execute arbitrary code with kernel privileges.” According to Help Net Security, the vulnerability affects the XNU, which is the heart of macOS and iOS.

Gaining access to the XNU would have allowed a hacker to execute their code and not be stopped by the operating system.

The patches are available now. The iOS patch also fixes flaws discovered in the CoreGraphics and WebKit. Interestingly enough, the iOS vulnerability also affects much older devices.

In addition to current devices, the exploit impacts the iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2 and 3, and the sixth generation of the iPod touch.

Another Google threat analyst, Shane Huntley, stated on Twitter that the team is investigating the exploits and that more details will follow.

It’s unknown how pervasive security issues are within older Apple devices, but it isn’t uncommon. Another exploit earlier in September affected older versions of iOS and macOS. It has since been patched.

Apple is urging its users to download the latest update to seal the recent vulnerability.

Was this page helpful?