It is undeniable that computer and phone technology companies, facing a slew of security vulnerabilities that jeopardize consumer privacy. Apple is an example of a modern company whose technological innovations have piqued the interest of consumers. Nonetheless, with a surge in internet hackers and attackers that constitute a significant threat to users, security is a serious issue among Apple users.
Internet use, lack of software update expertise, and installation of software and mobile apps from unsafe sources are all the major security concerns when using Apple iPhones, iPods, iPads, and Mac PCs.
Apple has issued a security alert to iPhone and Mac customers, stating that it is aware of a zero-day vulnerability that is being actively exploited. The company thanked Google for identifying the bug, designated CVE-2021-30869, and affects the WebKit browser engine, which the world’s largest ad giant appears to have detected.
It’s a massive flaw in the XNU kernel, which is at the heart of Apple’s operating systems, including iOS and macOS. According to Apple’s advisory, a malicious program might execute arbitrary code with kernel privileges.
Devices Being Affected
- iOS 12.5.5-running iPhone 5s
- iPhone 6
- iPhone 6 Plus
- iPad Air
- iPad mini 2
- iPad mini 3
- iPad touch (6th generation)
- macOS Catalina-running Macs
How can It be Resolved?
The 12.5.5 update fixes arbitrary code execution vulnerabilities in CoreGraphics and WebKit, according to Apple’s statement.
Apple’s Security Updates
Apple does not reveal, discuss, or confirm security problems until its investigation is complete. And any necessary upgrades are widely accessible for the safety of their consumers. Apple utilizes security advisories and the security-announce email list to credit people or groups who report security concerns.
Vulnerability and its Solution
By exploiting this security weakness, “a malicious program may be able to execute arbitrary code with kernel privileges,” according to Apple’s alert. As a result, malware on a system can exploit the flaw to gain complete control.
The failure, caused by a “type confusion problem” that was “fixed” with an “improvement in the processing of states,” and that the solution is security update 2021-006 Catalina.
When a user opens the inetloc file, the vulnerability can be used to fool them into opening apps and files in known locations on their Mac without notice. However, it was unclear how an attacker might cause injury solely by using this talent.
How Can Mac Users Prevent Further Vulnerabilities?
Apple offers many options that can assist in enhancing the operating systems of its phones and computers to improve customer security. In the end, it will need to provide a macOS security update to address this vulnerability.
In the meantime, Mac users can use reliable antivirus software, such as Intego Mac Premium Bundle X9, to protect themselves from known dangerous payloads. Suppose an attacker tries to use a common RAT (remote access Trojan) or other known malware. In that case, the attack will be blocked and removed using this protection.
Rogue Logics provides in-depth security services for the assessment and protection of your application, data, and infrastructure against potential threats on-prem or in the cloud.
Want a consultation with the professionals at Rogue Logics, contact us and get a free quote.