Apple fixes zero-day affecting iPhones and Macs, exploited in the wild

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,422
Apple has released security updates to address a zero-day vulnerability exploited in the wild and impacting iPhones, iPads, and Macs.

The vulnerability, tracked as CVE-2021-30807, is a memory corruption issue in the IOMobileFramebuffer kernel extension reported by an anonymous researcher.

Apple has fixed the bug, allowing applications to execute arbitrary code with kernel privileges, by improving memory handling in iOS 14.7.1, iPadOS 14.7.1, and macOS Big Sur 11.5.1.

The list of impacted devices includes Macs, iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

"Apple is aware of a report that this issue may have been actively exploited," the company said in security advisories published earlier today.

While Apple did disclose that at least one report mentioned CVE-2021-30807 active exploitation in the wild, the company did not release any additional information regarding these attacks.

Withholding this info is likely a measure designed to allow the security updates released today to reach as many iPhones, iPads, and Macs as possible before other threat actors pick up on the details and start actively abusing the now-patched zero-day.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top