Apple releases an urgent security update for iOS, iPadOS, and macOS to patch a zero-day flaw that it said may have been actively exploited.
The new update, set to be released in less than a week, comes after the company announced iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to the public. This patch fixes a memory corruption issue (CVE-2021-30807) in the IOMobileFrameBuffer component, a kernel extension responsible for managing the screen framebuffer, that could potentially be abused to alter the code and kernel privileges.
Apple credited an anonymous researcher who discovered this flaw and prevented the weaponization of this vulnerability for malicious attacks. The company also stated that the main issue was with the memory handling and that they are not “aware that this issue is currently being exploited”.
In addition, the timing of this update raises some questions about whether the zero-day played any part in compromising iPhones using NSO Group’s Pegasus software. Pegasus has turned out to be the main focus of many investigative reports that have exposed how the spyware tool turned the mobile phones of several journalists, human rights activists, and many other public figures into portable surveillance devices, granting complete access to highly sensitive information stored on them.
In conclusion, if you own any of the Apple devices mentioned above, it is strongly recommended that you move quickly to update them to the latest version to mitigate the risk associated with the flaw.