Apple modifies vulnerabilities with "MacOS Catalina" and "iOS 12.5.5" --Cnet Japan

　Apple released a security update on September 23, "MacOS Catalina" and "iOS 12.5.Fixed vulnerabilities that could have been abused in 5 ".

　"CVE-2021-30869" is a vulnerability related to XNU, and an unauthorized application may be able to execute any code with kernel authority.Updates are MacOS Catalina and "iPhone 5s", "iPhone 6", "iPhone 6 Plus", "iPad Air", "iPad Mini", and "iPod Touch (6th generation)".

　According to the company, there was a report that the vulnerability was abused, and it was dealt with by "strengthening state processing."This vulnerability was discovered by Google's threat analysis group (TAG).

　The "CVE-2021-30860" may be related to the NSO Group spyware "Pegasus" used to invade Apple devices.Citizen Lab was discovered.Updates are iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini (2nd to 3rd generation), and iPod touch (6th generation).

　Citizen Lab published several reports in 2021 revealed that specific nations and criminals had accessed Apple devices using Pegasus spyware.According to the company's latest reports, processing a pdf created with malicious intent can lead to any code.

　Apple recognizes that this vulnerabilities may have been actively abused, and has "strengthened input verification" and dealt with.

　The "CVE-2021-30858" was found by anonymous researchers, as web content created with malicious intent could execute any code.The update is the same as the CVE-2021-30860.The company also says that the vulnerability also "recognizes reports that it may have been actively abused."

This article edited by Asahi Interactive for an article from overseas RED VENTURES for Japan.