Apple has warned iPhone and Mac users that it is aware of a zero-day bug under active exploit. The company thanked Google for spotting the bug, assigned CVE-2021-30869, which the world’s largest ad company seems to have noticed since it impacts the WebKit browser engine.
It is a serious flaw, as it is in the XNU kernel, which is essentially the heart of Apple’s OS, including iOS and macOS. Apple’s advisory explains that a malicious application may be able to execute arbitrary code with kernel privileges.
The vulnerability explained
The company says the flaw exists because of a ‘type confusion issue,’ which it says it sorted out with ‘improved state handling.’
The most concerning part; the company also says it is aware that an exploit for this flaw exists and exploitation is being recorded in the wild. The flaw is also present in older versions of iOS and affects iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad Mini 2, iPad Mini 3, and iPod Touch.
The fix for these iOS flaws is 12.5.5, which Apple’s advisory says addresses arbitrary code execution vulnerabilities in CoreGraphics and WebKit.
A patch is available
Apple was quick to release a patch to users to ensure that they could protect themselves on time.
The fix is security update 2021-006 Catalina, which Macs should be urging you to apply as you read about this flaw. Now would be a good time to put this down and get updating.
Meanwhile, the company faces an impending lawsuit that alleges its M1 MacBook screens are very fragile, that Apple knew and did nothing about it, opting to release the machines which have gone on to fail and exhibit mechanical problems.