Apple has recently rolled out a short macOS and iOS update with a critical security fix. This update patched a zero-day bug under attack targeting Apple devices.
Apple Patched Zero-Day Under Attack
Recently, Apple has fixed a serious security vulnerability that affected a range of products. Precisely, the tech giant has patched a zero-day under exploit affecting all major Apple devices, including Apple Watch.
Specifically, Apple highlighted a memory corruption vulnerability in the IOMobileFrameBuffer. It’s a kernel extension controlled by the IOMobileFramework to manage screen framebuffer. (In simple words, the framebuffer is the part of the memory used for representing the screen display).
Exploiting the vulnerability CVE-2021-30807 could allow an adversary to execute codes with Kernel privileges. As Apple described in its advisories, the tech giant got the tip from an anonymous researcher. Also, it is aware of the active exploitation of this flaw in the wild.
Hence, Apple has patched this zero-day for all its devices with the release of macOS Big Sur 11.5.1, iOS and iPadOS 14.7.1, and watchOS 7.6.1.
Interestingly, right before these updates, Apple had released iOS 14.7, addressing the serious WiFi bug triggered due to weird SSIDs.
Is The Bug Related To NSO Exploit?
Apple hasn’t stated anything about the kind of exploitation it has detected for CVE-2021-30807.
However, the seemingly urgent release of this patch shortly after the stable rollout of dozens of other fixes raise speculations that the bug might be linked to the NSO exploit that Amnesty International highlighted recently in its report on the “Pegasus Project” – the infamous Israeli spyware known for sneakily tracking Apple (especially iPhone) users.
Nonetheless, Apple hasn’t commented on affirming or declining this speculation yet.
Whatever this Apple bug relates to, the fact that the tech giant has admitted its active exploitation is alarming. Since the patches are out, all Mac, iPhone, iPad, and Apple Watch users must update their devices quickly.