Security News > 2021 > July > Apple Patches Actively Exploited Zero-Day in iOS, MacOS
Apple patched a zero-day flaw on Monday, found in both its iOS and macOS platforms that's being actively exploited in the wild and can allow attackers to take over an affected system.
Apple released three updates, iOS 14.7., iPadOS 14.7.1 and macOS Big Sur 11.5.1 to patch the vulnerability on each of the platforms Monday.
Exploiting CVE-2021-30807 can allow for threat actors "To execute arbitrary code with kernel privileges," Apple said in documentation describing the updates.
Apple addressed the issue in each of the updates with "Improve memory handling," the company said.
Though Apple attributed the discovery of the bug to an "Anonymous researcher," a security researcher at the Microsoft Security Response Center came forward separately on Monday and tweeted that he had discovered the vulnerability some time ago but hadn't yet found the time to report it to Apple.
As iPhone users update to fix yet another Apple zero-day, they also continue waiting for the company to patch a flaw that makes their devices easy prey for Pegasus spyware.
News URL
https://threatpost.com/apple-patches-actively-exploited-zero-day-in-ios-macos/168177/
Related news
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-19 | CVE-2021-30807 | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 7.8 |