The exploit, dubbed CVE-2021-30869, affects both Mac and iPhone users, but Apple has quickly released respective patches to fix the problem. The bug wasn’t discovered by Apple, but rather by members of Google’s Threat Analysis Group and Project Zero teams, seeking to protect users from hackers and zero-day vulnerabilities. Apple has kept quiet about the flaw and not shared any details other than stating it allowed hackers “…to execute arbitrary code with kernel privileges.” According to Help Net Security, the vulnerability affects the XNU, which is the heart of macOS and iOS. Gaining access to the XNU would have allowed a hacker to execute their code and not be stopped by the operating system. The patches are available now. The iOS patch also fixes flaws discovered in the CoreGraphics and WebKit. Interestingly enough, the iOS vulnerability also affects much older devices. In addition to current devices, the exploit impacts the iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2 and 3, and the sixth generation of the iPod touch. Another Google threat analyst, Shane Huntley, stated on Twitter that the team is investigating the exploits and that more details will follow. It’s unknown how pervasive security issues are within older Apple devices, but it isn’t uncommon. Another exploit earlier in September affected older versions of iOS and macOS. It has since been patched. Apple is urging its users to download the latest update to seal the recent vulnerability.
