Apple Patches Another High Severity Zero-Day Flaw Exploited in the Wild

Apple has released an urgent update to address a critical zero-day vulnerability that is being exploited in the wild. The vulnerability is tracked as CVE-2021-30807 and affects iOS, iPadOS, and macOS devices. It stems from a memory corruption issue in IOMobileFrameBuffer, a kernel extension that manages the screen frame buffer, and allows an attacker to execute arbitrary code with kernel privileges.

Apple released this update amid reports that the Pegasus spyware uses a vulnerability in iMessage to surveil dissidents, activists, human rights lawyers, and opposition politicians who use Apple devices. Although the current Apple advisory does not say that this update also fixes the iMessage vulnerability, a few researchers believe it may.


A long list of Zero-Days

CVE-2021-30807 adds to the long list of zero-days fixed by Apple this year. With most of them being exploited in the wild, the list includes

Endpoints that have not yet been patched should be updated as soon as possible.


Affected Products

  • iOS before version 14.7.1
  • iPadOS before version 14.7.1
  • macOS Big Sur before version 11.5.1

Impact

A memory corruption issue allows attackers to execute arbitrary code on the affected system.


Solution

  • iOS 14.7.1
  • iPadOS 14.7.1
  • macOS Big Sur 11.5.1
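The Affected Products and Solution lists above can be turned into a quick fleet check. The following is an added example, not code from Apple or SecPod: it assumes a constructed inventory export of "hostname,platform,version" lines, and the hostnames and function names are hypothetical.

```python
# Added example: flag inventory rows still below the fixed releases listed above.
# Fixed versions are taken from the Solution list in this article.
FIXED = {"ios": (14, 7, 1), "ipados": (14, 7, 1), "macos": (11, 5, 1)}

def parse_version(text):
    """Turn '14.7' into (14, 7, 0) so comparison is numeric, not lexical."""
    parts = [int(p) for p in text.strip().split(".")]  # ValueError on junk
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def status(platform, version):
    """Return 'patched', 'vulnerable' or 'out-of-scope' for one device."""
    key = platform.strip().lower()
    if key not in FIXED:
        return "out-of-scope"
    ver = parse_version(version)
    # The article lists only macOS Big Sur (11.x); other macOS major
    # versions are not in its affected list, so they are not judged here.
    if key == "macos" and ver[0] != 11:
        return "out-of-scope"
    # Every earlier release counts as affected, as the list above states.
    return "vulnerable" if ver < FIXED[key] else "patched"

def triage(rows):
    """Return (hostname, platform, version, status) for each inventory row."""
    report = []
    for line in rows:
        host, platform, version = [f.strip() for f in line.split(",")]
        try:
            result = status(platform, version)
        except ValueError:
            result = "unparseable"  # surface bad data instead of skipping it
        report.append((host, platform, version, result))
    return report

# Constructed sample inventory (hostnames are made up).
SAMPLE = [
    "iphone-01,iOS,14.7",
    "iphone-02,iOS,14.7.1",
    "ipad-01,iPadOS,14.6",
    "mac-01,macOS,11.5",
    "mac-02,macOS,11.5.1",
    "mac-03,macOS,10.15.7",
    "mac-04,macOS,unknown",
]

if __name__ == "__main__":
    for host, platform, version, result in triage(SAMPLE):
        print(f"{host:10} {platform:7} {version:8} {result}")
```

Rows reported as "unparseable" or "out-of-scope" need a manual look rather than being read as safe.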

SanerNow detects these vulnerabilities and automatically fixes them through patch management by applying security updates. We strongly recommend applying the security updates as soon as possible following the instructions published in our support article.
