Active Exploitation of a Zero-Day Vulnerability in Apple Products

Published on 27 Jul 2021

Updated on 27 Jul 2021

Apple has released an update to address a vulnerability in their products. There have been reports that this vulnerability is being actively exploited.

CVE-2021-30807 - This vulnerability is a memory corruption issue that resides in the IOMobileFramebuffer, a kernel extension for managing the screen frame buffer. 

Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code with kernel privileges on a vulnerable device and take full control of the device.

Users are advised to enable automatic software update or patch their products to the latest versions immediately:

  • macOS Big Sur 11.5.1
  • iOS 14.7.1 
  • iPadOS is 14.7.1

 

More information is available here:
https://support.apple.com/en-sg/HT212622 
https://support.apple.com/en-sg/HT212623