Apple patches nasty vulnerability impacting iPhones, iPads and Macs

Shawn Knight

Posts: 13,506   +132
Staff member
Editor's take: Apple has issued security updates for iOS, iPadOS and macOS Big Sur that address a zero-day exploit being actively exploited in the wild. The memory corruption issue was submitted by an anonymous security researcher. Hopefully, they were rewarded handsomely for the find.

The updates – iOS 14.7.1, iPadOS 14.7.1 and macOS Big Sur 11.5.1 – all involve CVE-2021-30807, which can allow an application to execute arbitrary code with kernel privileges. Apple said it is aware of a report that the exploit has been actively leveraged in public.

To grab the iOS or iPadOS update, navigate to Settings > General > Software Update then tap “Download and Install.” On a Mac, you’ll need to open the Apple menu then select System Preferences > Software Update > Update Now.

As Bitdefender highlights, Twitter user Saar Amar reportedly discovered the vulnerability months ago and was planning to alert Apple once he had fully worked out the exploit in order to have a “high-quality” submission. Instead, it seems someone else beat Amar to the punch.

Either way, you’ll want to apply this patch ASAP since the exploit is already being used by nefarious parties. The update, at least on iPhones, checks in around 920MB in size.

Permalink to story.

 

Dimitriid

Posts: 1,108   +2,100
I have been told, almost every time I say anything even mildly critical of Apple, that this wouldn't be necessary because they restrict their store and app installs so much.

I guess that part is not really about security, unless they stretch 'security' to mean "We're securing your dependence on our ecosystem so we can extract as much profit as possible from you. Oh and those devs yeah they can have 70% I GUESS, whatever"
 

kiwigraeme

Posts: 553   +426
Would be interesting to see the breakdown - $100 000 from apple - vs 1 million plus from companies selling to countries with only kindness in their hearts for their citizens .
Personally I would take the $100 000 - however if it affected only Apple and not real peoples live & death - I'll take the million dollars .
One of the rules of life - Corporations have no loyalty to you - if you think Facebook, Ford , AMD, Apple care about you - then I've a bridge to sell .
I'm not a Corporate Slave - I told people working for them 30 years ago - if they promise a reward year end - and don't deliver ( they never will, and they know you are a Patsy to be exploited )
 

Soulburn74

Posts: 96   +43
On an iPhone 11 Pro Max , which was at 14.7 prior to this release, the 14.7.1 update was only 125MB, not the 920MB listed in the article.
 

Ravey

Posts: 321   +138
Is this a follow up from apple in regards to that other article about the DOS emulator app?