Do you have a Mac with macOS Catalina? Apple has released a major security update that fixes a ‘zero-day’ vulnerability, tracked as CVE-2021-30869. It was recently discovered by Google’s security team and could have been actively exploited.
Specifically, the error, present in the web rendering engine that Safari uses (known as WebKit), allowed hackers to access the device remotely through a malicious application and through the execution of arbitrary code with kernel privileges, according to Apple in the patch notes. Everything indicates that this vulnerability is part of a second stage of an attack, given that there are indications it was used together with another software error. In early September, the company updated its devices to correct a similar problem that could be related to the recently discovered one.
The hackers targeted Macs and iPhones running older software, which until now did not have the latest security patches. For Macs, the affected version is macOS Catalina, which was released in 2019.
Some iPhones with an older version of iOS are also getting a patch that fixes the same vulnerability. The update is available for iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch. It also covers the error discovered at the beginning of September, in which attackers could execute arbitrary code through a modified PDF, as well as a recent one present in Safari's WebKit.
How to update your Mac or iPhone to fix the security flaw
Users with a Mac running macOS Catalina can update through System Preferences, in the “Software Update” section. On iPhones with iOS 12, go to Settings > General > Software Update and check whether the new version, iOS 12.5.5, is available to download and install.
Current iPhones, running iOS 14 or later, have also received a major security update. This fixes an iMessage vulnerability exploited by Pegasus, the spyware of the Israeli company NSO Group.