Apple fixes zero-day affecting iPhones and Macs, exploited in the wild

Apple has released security updates to address a zero-day vulnerability exploited in the wild and impacting iPhones, iPads, and Macs.

The vulnerability, tracked as CVE-2021-30807, is a memory corruption issue in the IOMobileFramebuffer kernel extension reported by an anonymous researcher.

Apple has fixed the bug, allowing applications to execute arbitrary code with kernel privileges, by improving memory handling in iOS 14.7.1, iPadOS 14.7.1, and macOS Big Sur 11.5.1.

The list of impacted devices includes Macs, iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

"Apple is aware of a report that this issue may have been actively exploited," the company said in security advisories published earlier today.

While Apple did disclose that at least one report mentioned CVE-2021-30807 active exploitation in the wild, the company did not release any additional information regarding these attacks.

Withholding this info is likely a measure designed to allow the security updates released today to reach as many iPhones, iPads, and Macs as possible before other threat actors pick up on the details and start actively abusing the now-patched zero-day.

Long list of zero-days patched this year

Since the start of 2021, Apple has released security updates to address what looks like an endless wave of zero-day vulnerabilities, many of them tagged by the company as exploited in the wild:

Last month, Amnesty International and Forbidden Stories also revealed that they found spyware made by Israeli surveillance vendor NSO Group deployed on iPhones running the latest iOS release, likely hacked using zero-day zero-click iMessage exploits.

Project Zero also recently revealed that a group of hackers used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year.

Related Articles:

Opera sees big jump in EU users on iOS, Android after DMA update

Oracle warns that macOS 14.4 update breaks Java on Apple CPUs

Fraudsters tried to scam Apple out of 5,000 iPhones worth over $3 million

Brave: Sharp increase in installs after iOS DMA update in EU

ArcaneDoor hackers exploit Cisco zero-days to breach govt networks