Apple has confirmed that the latest update to macOS, pushed out this week, addresses a critical security vulnerability, and users should update their Macs as soon as is practical.
The details can be found in the latest update on the security content of the Mac platform. The out-of-sync release of macOS Big Sur 11.5.1 should be regarded as urgent:
“Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited… A memory corruption issue was addressed with improved memory handling.”
It should be noted that alongside macOS Big Sur, Apple has rushed out point updates for iOS and iPadOS. Following the release of the update, a number of security researchers have highlighted the vulnerability that has been patched. Reported as CVE-2021-30807, it could allow arbitrary code to run on an Apple device with kernel privileges, giving an attacker the potential to gain control over your Mac.
One of those researchers, Saar Amar, has published an extensive look at the exploit.
The security of Apple’s platform has been under scrutiny this year, and especially in the last month. The capabilities of the NSO Group’s ‘Pegasus’ software to crack the macOS, iOS, and iPadOS platforms have been heavily discussed in the media.
There’s no indication at present that the patched exploit in 11.5.1 is part of that package. Objective-See founder Patrick Wardle spoke to The Guardian’s Stephanie Kirchgaessner and Alex Hern. Wardle notes how Apple’s closed nature stands in stark contrast to other major companies, and how this can be detrimental in the long term:
“[If you] talk to any external security researcher, they’re probably not going to have a lot of great things to say about Apple. Whereas if you talk to security researchers in dealing with, say, Microsoft, they’ve said: ‘We’re gonna put our ego aside, and ultimately realise that the security researchers are reporting vulnerabilities that at the end of the day are benefiting our users, because we’re able to patch them.’ I don’t think Apple has that same mindset.”
This isn’t a new approach by Apple, but the limitations of the approach are becoming more apparent this year. Nevertheless, for macOS users the world over, installing Apple’s rapid point update is very much recommended.