Apple warns of arbitrary code execution zero-day being actively exploited on Macs


Apple has warned iPhone and Mac users that it’s aware of a zero-day bug that’s being actively exploited.

The iGiant has thanked Google for spotting CVE-2021-30869, which the ad giant seems to have noticed because it also impacts the WebKit browser engine.

It’s a nasty flaw, as it’s in the XNU kernel at the heart of Apple’s operating systems including macOS and iOS.

As Apple’s advisory explains, that means “A malicious application may be able to execute arbitrary code with kernel privileges”.

The fruit-themed company says the flaw existed thanks to a “type confusion issue” that was sorted out “with improved state handling”.

Read more…