Security News > 2021 > July > Apple Patches Actively Exploited Zero-Day in iOS, MacOS

Apple Patches Actively Exploited Zero-Day in iOS, MacOS
2021-07-27 13:36

Apple patched a zero-day flaw on Monday, found in both its iOS and macOS platforms that's being actively exploited in the wild and can allow attackers to take over an affected system.

Apple released three updates, iOS 14.7., iPadOS 14.7.1 and macOS Big Sur 11.5.1 to patch the vulnerability on each of the platforms Monday.

Exploiting CVE-2021-30807 can allow for threat actors "To execute arbitrary code with kernel privileges," Apple said in documentation describing the updates.

Apple addressed the issue in each of the updates with "Improve memory handling," the company said.

Though Apple attributed the discovery of the bug to an "Anonymous researcher," a security researcher at the Microsoft Security Response Center came forward separately on Monday and tweeted that he had discovered the vulnerability some time ago but hadn't yet found the time to report it to Apple.

As iPhone users update to fix yet another Apple zero-day, they also continue waiting for the company to patch a flaw that makes their devices easy prey for Pegasus spyware.


News URL

https://threatpost.com/apple-patches-actively-exploited-zero-day-in-ios-macos/168177/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-10-19 CVE-2021-30807 Out-of-bounds Write vulnerability in Apple products
A memory corruption issue was addressed with improved memory handling.
local
low complexity
apple CWE-787
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349