Apple patches zero-day vulnerability in iOS, iPadOS, macOS under active attack

The bug, CVE-2021-30807, was found in the iGiant's IOMobileFrameBuffer code, a kernel extension for managing the screen frame buffer, and could be abused to run malicious code on the affected device.
Apple did not say who might be involved in the exploitation of this bug.
Nor did the company respond to a query about whether the bug has been exploited by NSO Group's Pegasus surveillance software.
Last week, Amnesty International and media advocacy group Forbidden Stories published a series of articles called the Pegasus Project detailing how NSO's software has been used to spy on politicians, journalists, and political activists.
The groups said they had found evidence that "Pegasus zero-click attacks have been used to install spyware on iPhones." Specifically, they said that the software had been used to attack iMessage on iPhone 11 and 12.
Presumably Cupertino's coders will be taking a closer look at the software to see if there's anything else they've missed.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/07/27/apple_patches_zeroday/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-19 | CVE-2021-30807 | Out-of-bounds Write vulnerability in Apple products. A memory corruption issue was addressed with improved memory handling. | 7.8 |