29.7.21

Apple releases patch for zero‑day flaw in iOS, iPadOS and macOS

The vulnerability is under active exploitation by unknown attackers and affects a wide range of Apple’s products.

 Amer Owaida

Apple has released an update for its iOS, iPadOS, and macOS operating systems to patch a zero-day security flaw that is being actively exploited in the wild. The vulnerability affects a wide range of its products including the iPod touch and various models of the iPhone and iPad.

“Apple is aware of a report that this issue may have been actively exploited,” reads Apple’s security advisory describing the security loophole that is being plugged with the release of iOS 14.7.1 and iPadOS 14.7.1.

The list of impacted devices includes iPhone 6s and later, all versions of the iPad Pro, iPad Air 2 and later, the 5th generation of iPad and later, iPad mini 4 and later, and the 7th generation of the iPod touch. The same security flaw also affects the macOS operating system, so the Cupertino-based tech titan also issued a security update for macOS (Big Sur 11.5.1) to address the issue. As is usually the case, there is no word about the perpetrators and targets of the zero-day attacks.

Indexed as CVE-2021-30807, the vulnerability resides in IOMobileFrameBuffer, a kernel extension used for managing the screen framebuffer, and is described as a memory corruption issue.

According to CyberSecurityHelp, the vulnerability could allow a local application to escalate privileges on the affected systems. “The vulnerability exists due to a boundary within the IOMobileFrameBuffer subsystem. A local application can trigger memory corruption and execute arbitrary code on the target system with kernel privileges,” reads its description of the security flaw.

The United States’ Cybersecurity and Infrastructure Security Agency (CISA) also took note of the release and issued a security advisory urging both users and administrators to apply the patches and update their devices. “Apple has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to take control of an affected device,” said the agency.

Indeed, you would be well advised to apply the updates as soon as practicable. If you don’t have automatic updates enabled, you can update your iPhone and iPad manually by going to the Settings menu, then tapping General, and going to the Software Update section. To manually update your Mac devices, go to the Apple menu, click on About This Mac and then click on the Software Update button.