Apple has warned iPhone and Mac users of the discovery of a zero-day bug and that is being actively exploited. The person who discovered this security breach was Google (and Apple has already thanked him for his contribution) and it is that it also affects the WebKit of your browser engine. It has been christened CVE-2021-30869.
The flaw is in the XNU kernel, at the heart of Apple’s operating systems, including macOS and iOS. As a small Apple report explains, that translates to “a malicious application may be able to execute arbitrary code with kernel privileges“.
This XNU is available for macOS Catalina and regarding its impact, Apple explains that “a malicious application may be capable of executing arbitrary code with kernel privileges.” Apple is aware that there is an exploit for this problem, “they have said from the company.
‘Sgroogled.com’: When MICROSOFT Launched ANTI-GOOGLE Ads
How to solve it, according to Apple
The company says the failure existed thanks to a “type confusion problem“That was solved” with an improvement in the handling of states “and ensures that the solution is the security update 2021-006 Catalina.
The problem is also present in older versions of iOS, and affects iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad Mini 2, iPad Mini 3 and iPod Touch.
With all this, The Register warns that Apple seems not having fixed a similar remote code execution bug in macOS Finder, even though third-party researchers have tried to fix it.