Apple Patches Actively Exploited Zero-Day in iOS, MacOS

[silversurfer]

Apple patched a zero-day flaw on Monday, found in both its iOS and macOS platforms that’s being actively exploited in the wild and can allow attackers to take over an affected system.
 
The memory-corruption flaw, tracked as CVE-2021-30807, is found in the IOMobileFrameBuffer extension which exists in both iOS and macOS, but has been fixed according to specific device platform.
 
Apple released three updates, iOS 14.7., iPadOS 14.7.1 and macOS Big Sur 11.5.1 to patch the vulnerability on each of the platforms Monday.
 
Exploiting CVE-2021-30807 can allow for threat actors “to execute arbitrary code with kernel privileges,” Apple said in documentation describing the updates.
 
“Apple is aware of a report that this issue may have been actively exploited,” the company said. Apple addressed the issue in each of the updates with “improve memory handling,” the company said.

iOS devices that should be updated immediately are: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Read more: Apple Patches Actively Exploited Zero-Day in iOS, MacOS | Threatpost