Apple has released security updates for three vulnerabilities in macOS Catalina and iOS 12.5.5 that are currently being actively exploited. CVE-2021-30869 is an XNU vulnerability in macOS, iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3 and iPod touch, which allows malicious applications to execute arbitrary code with kernel privileges.
The second vulnerability, CVE-2021-30860, was discovered by Citizen Lab and may be related to the NSO Pegasus spyware used to break into Apple devices. The vulnerability affects iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3 and iPod touch (6th generation).
The third vulnerability, CVE-2021-30858, affects the same devices as the first two bugs and was reported anonymously. Processing maliciously crafted web content can lead to arbitrary code execution. As with the other vulnerabilities, Apple is aware that this vulnerability may have been actively exploited.
The fixes are also part of the current security update for macOS 11 Big Sur and iOS 15. In exceptional cases, however, Apple also provides patches for OS versions such as Catalina and iOS 12.x, which are actually no longer supported.