On 26 July 2021, Apple released an out-of-band security update to address an actively exploited vulnerability. Timely updates are recommended.
- The issue, tracked as CVE-2021-30807, is in the subsystem of the IOMobileFramebuffer kernel extension. It is a local privilege escalation (LPE) flaw allowing a local application to trigger memory corruption and execute malicious code with kernel privileges.
- Apple reported that this issue may have been actively exploited.
- The versions of Apple products fixing this vulnerability are iOS 14.7.1, iPadOS 14.7.1, and macOS Big Sur 11.5.1.
- If you are using any of the vulnerable Apple products, ensure you have the latest updates installed.
- Check for and install software updates on your device manually by going to Settings > General > Software Update.