Apple has released security updates to fix vulnerabilities in iOS 12.5.5 and macOS Catalina. The tech giant also warned of active exploits in the wild against some vulnerabilities.
A hacker could exploit some of these vulnerabilities to take control of affected devices.
The latest iOS 12.5.5 security update released on September 23 addressed 2 vulnerabilities (CoreGraphics CVE-2021-30860 and WebKit CVE-2021-30858) that could result in arbitrary code execution.
To add, Apple patched one other XNU vulnerability CVE-2021-30869 that could allow a malicious application to execute arbitrary code with kernel privileges.
For all three vulnerabilities, Apple warned that it is aware of reports of active exploits against all three vulnerabilities.
The update is available for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) products.
The macOS Catalina Security Update 2021-006 addressed the same XNU vulnerability CVE-2021-30869 that could allow a malicious application to execute arbitrary code with kernel privileges.
“Apple is aware of reports that an exploit for this issue exists in the wild.”
Readers can review the Apple security page for more details.
- Google releases Chrome 94 security update fixes zero-day vulnerability (CVE-2021-37973) under attack
- Apple fixes watchOS vulnerability (CVE-2021-30807) exploited in the wild
- Apple fixes zero-day vulnerability (CVE-2021-30807) in macOS Big Sur and iOS
- Apple security updates for iOS 14.7, macOS Big Sur 11.5 and other products