Apple releases patch for zero-day flaw in iOS, iPadOS and macOS

The vulnerability is under active exploitation by unknown attackers and affects a wide range of Apple’s products.

Apple has released an update for its iOS, iPadOS, and macOS operating systems to patch a zero-day security flaw that is being actively exploited in the wild. The vulnerability affects a wide range of its products including the iPod touch and various models of the iPhone and iPad.

“Apple is aware of a report that this issue may have been actively exploited,” reads Apple’s security advisory describing the security loophole that is being plugged with the release of iOS 14.7.1 and iPadOS 14.7.1.

The list of impacted devices includes iPhone 6s and later, all versions of the iPad Pro, iPad Air 2 and later, the 5th generation of iPad and later, iPad mini 4 and later, and the 7th generation of the iPod touch. The same security flaw also affects the macOS operating system, so the Cupertino-based tech titan also issued a security update for macOS (Big Sur 11.5.1) to address the issue. As is usually the case, there is no word about the perpetrators and targets of the zero-day attacks.

Indexed as CVE-2021-30807, the vulnerability resides in the IOMobileFrameBuffer, a kernel extension that is used for managing the screen framebuffer, and is described as a memory corruption issue.

According to CyberSecurityHelp, the vulnerability could allow a local application to escalate privileges on the affected systems. “The vulnerability exists due to a boundary within the IOMobileFrameBuffer subsystem. A local application can trigger memory corruption and execute arbitrary code on the target system with kernel privileges,” reads its description of the security flaw.

The United States’ Cybersecurity and Infrastructure Security Agency (CISA) also took note of the release and issued a security advisory urging both users and administrators to apply the patches and update their devices. “Apple has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to take control of an affected device,” said the agency.

Indeed, you would be well advised to apply the updates as soon as practicable. If you don’t have automatic updates enabled, you can update your iPhone and iPad manually by going to the Settings menu, then tapping General, and going to the Software Update section. To manually update your Mac devices, go to the Apple menu, click on About This Mac and then click on the Software Update button.