Apple releases out-of-band update

On 26 July 2021, Apple released an out-of-band security update to address an actively exploited vulnerability. Timely updates are recommended.

Details

• The issue, tracked as CVE-2021-30807, is in the subsystem of the IOMobileFramebuffer kernel extension. It is a local privilege escalation (LPE) flaw allowing a local application to trigger memory corruption and execute malicious code with kernel privileges.
• Apple reported that this issue may have been actively exploited.
• The versions of Apple products fixing this vulnerability are iOS 14.7.1, iPadOS 14.7.1, and macOS Big Sur 11.5.1.

Recommendations

• If you are using any of the vulnerable Apple products, ensure you have the latest updates installed.
• Check for and install software updates on your device manually by going to Settings > General > Software Update.

References

• Apple security updates
• Security content of iOS 14.7.1 and iPadOS 14.7.1
• Security content of macOS Big Sur 11.5.1