After Google security researchers discovered a vulnerability in the XNU kernel, Apple is now releasing security updates for both iOS and macOS. The zero-day vulnerability, tracked as CVE-2021-30869, enables attackers to execute malicious code with kernel privileges with the help of a malicious application. The vulnerability is currently being actively exploited. All users should therefore install the available updates immediately.
According to Apple, in addition to the iPhone 5S, the iPhone 6 and 6 Plus, the iPad Mini 2 and 3, the iPad Air and the iPod Touch are also vulnerable. All macOS users who currently have Catalina installed will receive Security Update 2021-006. So far, it is unclear what the situation is for the current versions of macOS and iOS. Apple has not yet commented on this. To be on the safe side, users should check their own devices and install updates if they are available.
The hole in macOS Finder, which had supposedly already been fixed, can still be exploited. Unfortunately, Apple did not do a proper job with the alleged fix. Users should therefore be particularly suspicious of emails containing inetloc files and should preferably delete such emails immediately. Since the file can be executed with a single click, extreme caution is required. Alternatively, you can delete the affected emails on your smartphone or another non-macOS device. However, Apple should improve this within a very short time and publish a corresponding patch.