Trending Stories

Apple Issues A Warning On An Active Exploited Zero-Day Vulnerability On Macs

[et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”4.16″ global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_row admin_label=”row” _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||” theme_builder_area=”post_content”][et_pb_text admin_label=”Text” _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}” theme_builder_area=”post_content”]

It is undeniable that computer and phone technology companies, facing a slew of security vulnerabilities that jeopardize consumer privacy. Apple is an example of a modern company whose technological innovations have piqued the interest of consumers. Nonetheless, with a surge in internet hackers and attackers that constitute a significant threat to users, security is a serious issue among Apple users.

Internet use, lack of software update expertise, and installation of software and mobile apps from unsafe sources are all the major security concerns when using Apple iPhones, iPods, iPads, and Mac PCs.

Apple has issued a security alert to iPhone and Mac customers, stating that it is aware of a zero-day vulnerability that is being actively exploited. The company thanked Google for identifying the bug, designated CVE-2021-30869, and affects the WebKit browser engine, which the world’s largest ad giant appears to have detected.

It’s a massive flaw in the XNU kernel, which is at the heart of Apple’s operating systems, including iOS and macOS. According to Apple’s advisory, a malicious program might execute arbitrary code with kernel privileges.

Devices Being Affected

  • iOS 12.5.5-running iPhone 5s
  • iPhone 6
  • iPhone 6 Plus
  • iPad Air
  • iPad mini 2
  • iPad mini 3
  • iPad touch (6th generation)
  • macOS Catalina-running Macs

How can It be Resolved?

The 12.5.5 update fixes arbitrary code execution vulnerabilities in CoreGraphics and WebKit, according to Apple’s statement.

Apple’s Security Updates

Apple does not reveal, discuss, or confirm security problems until its investigation is complete. And any necessary upgrades are widely accessible for the safety of their consumers. Apple utilizes security advisories and the security-announce email list to credit people or groups who report security concerns.

Vulnerability and its Solution

By exploiting this security weakness, “a malicious program may be able to execute arbitrary code with kernel privileges,” according to Apple’s alert. As a result, malware on a system can exploit the flaw to gain complete control.

The failure, caused by a “type confusion problem” that was “fixed” with an “improvement in the processing of states,” and that the solution is security update 2021-006 Catalina.

When a user opens the inetloc file, the vulnerability can be used to fool them into opening apps and files in known locations on their Mac without notice. However, it was unclear how an attacker might cause injury solely by using this talent.

How Can Mac Users Prevent Further Vulnerabilities?

Apple offers many options that can assist in enhancing the operating systems of its phones and computers to improve customer security. In the end, it will need to provide a macOS security update to address this vulnerability.

In the meantime, Mac users can use reliable antivirus software, such as Intego Mac Premium Bundle X9, to protect themselves from known dangerous payloads. Suppose an attacker tries to use a common RAT (remote access Trojan) or other known malware. In that case, the attack will be blocked and removed using this protection.

Rogue Logics provides in-depth security services for the assessment and protection of your application, data, and infrastructure against potential threats on-prem or in the cloud.

Want a consultation with the professionals at Rogue Logics, contact us and get a free quote.

Most Popular Phishing Attacks & How a Cyber Security Company Can Help You
Cloud computing has provided businesses with the option to scale up the organization and introduce
To help protect from this, we may have multiple layers of protection in our system.
A chain is as strong as its weakest link, and that's why even if a
As cyberattacks are becoming the norm now, it is more important than ever to conduct

Drop us a message