The iPhone 15 Pro would finally have physical buttons, Apple
Apple fixes critical flaws that allowed iPhone and Mac to be hacked
Apple released security updates for three vulnerabilities in macOS Catalina and iOS 12.5.5 that were actively exploited by hackers. One of these allowed hackers to use NSO’s Pegasus spyware.
Apple released a new update to iOS 12.5.5 for users of older iPhone, iPad and iPod touch devices unable to install iOS 15 and iPadOS 15. Mac users are also entitled to a new 2021-006 Catalina security update available for Macs which are not compatible with Big Sur.
These correct three critical flaws, named CVE-2021-30860, CVE-2021-30869 and CVE-2021-30858. The first affected the iPad Air, iPad mini 2, and iPad mini 3, as well as the 6th generation iPod touch, iPhone 5s, iPhone 6, and iPhone 6 Plus. The first allowed hackers to use the Pegasus spyware by using the processing of a PDF file to execute code on the devices. Apple had however assured last July that the iPhone were the most secure smartphones in the world against Pegasus.
Malware could execute code on your device
The second vulnerability CVE-2021-30869 is an XNU vulnerability that affects macOS as well as iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch. According to Apple, she allowed a malicious application to execute arbitrary code with administrator privileges. If you have one of these smartphones or a Mac running Catalina, then it is urgent to do the latest update.
Apple explained that the third vulnerability relates to the processing of maliciously crafted web content that could lead to the execution of arbitrary code on devices. According to the American company, the flaw has probably already been actively exploited by hackers.
The US company appears to be facing a number of security issues lately. After the rollout of the iOS 15 update, for example, a security researcher discovered that it was possible to access notes on an iPhone without unlocking it. The new iOS 15 version would also have messed up the AirTags, since some users could no longer find their belongings.
Source: Bleepingcomputer
