2 min read

Patch your iPhones and Macs against "actively exploited" zero-day right now

Graham CLULEY

July 27, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Patch your iPhones and Macs against "actively exploited" zero-day right now

If you're the owner of an iPhone, iPad, or Apple Mac you should update your system right now.

Apple has released a major security update for its devices, after finding a zero-day flaw that the company indicates has been the focus of in-the-wild attacks by hackers, and might have been used to plant malware.

As is its wont, Apple has not released any real details about the flaw, presumably in an attempt to reduce the chances of other parties exploiting the security vulnerability.

According to a security advisory published on Apple's website, the flaw - technically known as CVE-2021-30807 -  was reported to the firm by an anonymous researcher, and involves a memory corruption flaw
in the IOMobileFrameBuffer kernel extension used for managing the screen framebuffer, that can be abused to execute arbitrary code on a device with kernel privileges.

If a malicious hacker's code successfully gains kernel privileges it seizes God-like control over the device.

What makes things all the more serious is Apple's warning that the security flaw has been used in real-world attacks:

“Apple is aware of a report that this issue may have been actively exploited.”

Proof-of-concept code to exploit the flaw has been published on Twitter

Users are advised to update to the latest versions of iOS (14.7.1), iPadOS (14.7.1), and macOS (11.5.1) to protect against the issue.

Another security researcher, Saar Amar, claims to have also uncovered the vulnerability four months ago, although he had not yet reported it to Apple as he was still working on methods to exploit the flaw. Amar described the vulnerability as being "as trivial and straightforward as it can get."

With details of how to exploit the vulnerability published in the wild, and Apple's claims that it has been actively exploited, there really is no time to wait - everyone should update their Apple devices.

To update your Mac or MacBook, choose System Preferences from the Apple menu in the top-left of the screen. Then click Software Update to see if any updates are available and follow instructions.

If your iPhone or iPad has not yet installed the latest security update, open Settings, and choose General > Software Update and follow instructions.

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read
Some Phone Manufacturers Didn't Implement Vital Security Patch for ARM Mali GPU, Google Researchers Find Some Phone Manufacturers Didn't Implement Vital Security Patch for ARM Mali GPU, Google Researchers Find
Silviu STAHIE

November 29, 2022

1 min read
Apple Users Report Seeing Other People's Photos When Using iCloud for Windows Apple Users Report Seeing Other People's Photos When Using iCloud for Windows
Silviu STAHIE

November 25, 2022

1 min read