8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
Apple on Thursday released security updates to fix multiple security vulnerabilities in older versions of iOS and macOS that it says have been detected in exploits in the wild, in addition to expanding patches for a previously plugged security weakness abused by NSO Groupโs Pegasus surveillance tool to target iPhone users.
Chief among them is CVE-2021-30869, a type confusion flaw that resides in the kernel component XNU developed by Apple that could cause a malicious application to execute arbitrary code with the highest privileges. The Cupertino-based tech giant said it addressed the bug with improved state handling.
Googleโs Threat Analysis Group, which is credited with reporting the flaw, said it detected the vulnerability being โused in conjunction with a N-day remote code execution targeting WebKit.โ
Two other flaws include CVE-2021-30858 and CVE-2021-30860, both of which were resolved by the company earlier this month following disclosure from the University of Torontoโs Citizen Lab about a previously unknown exploit called โFORCEDENTRYโ (aka Megalodon) that could infect Apple devices without so much as a click.
The zero-click remote attack weaponizing CVE-2021-30860 is said to have been carried out by a customer of the controversial Israeli company NSO Group since at least February 2021. The scale and scope of the operation remains unclear as yet.
It relied on iMessage as an entry point to send malicious code that stealthily installed the Pegasus spyware on the devices and exfiltrate sensitive data without tipping the victims off. The exploit is also significant for its ability to get around defenses built by Apple in iOS 14 โ called BlastDoor โ to prevent such intrusions by filtering untrusted data sent over the texting application.
The patches are available for devices running macOS Catalina and iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) running iOS 12.5.4.
The development also comes as security researchers have disclosed unpatched zero-day flaws in iOS, including a lock screen bypass bug and a clutch of vulnerabilities that could be abused by an app to gain access to usersโ Apple ID email addresses and full names, check if a specific app is installed on the device given its bundle ID, and even retrieve Wi-Fi information without proper authorization.
Researcher Denis Tokarev (aka illusionofchaos), who disclosed the latter three issues, said they were reported to Apple between March 10 and May 4, claiming what was โa frustrating experience participating in Apple Security Bounty programโ for its failure to fix the issues despite having them responsibly disclosed โup to half a yearโ ago.
Indeed, a Washington Post article published two weeks ago revealed how the company sits on a โmassive backlogโ of vulnerability reports, leaving them unresolved for months, hands out lower monetary payouts to bug hunters, and, in some cases, outright bans researchers from its Developer Program for filing reports.
Found this article interesting? Follow THN on Facebook, Twitter ๏ and LinkedIn to read more exclusive content we post.
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C