Apple patches zero-day vulnerability in iOS, iPadOS, macOS under active attack
2021-07-27 00:53

The bug, CVE-2021-30807, was found in the iGiant's IOMobileFrameBuffer code, a kernel extension for managing the screen frame buffer, and could be abused to run malicious code on the affected device.

Apple did not say who might be involved in the exploitation of this bug.

Nor did the company respond to a query about whether the bug has been exploited by NSO Group's Pegasus surveillance software.

Last week, Amnesty International and media advocacy group Forbidden Stories published a series of articles called the Pegasus Project detailing how NSO's software has been used to spy on politicians, journalists, and political activists.

The groups said they had found evidence that "Pegasus zero-click attacks have been used to install spyware on iPhones." Specifically, they said that the software had been used to attack iMessage on iPhone 11 and 12.

Presumably Cupertino's coders will be taking a closer look at the software to see if there's anything else they've missed.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/07/27/apple_patches_zeroday/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-19 | CVE-2021-30807 | Out-of-bounds Write vulnerability in Apple products. A memory corruption issue was addressed with improved memory handling. (local, low complexity, apple, CWE-787) | 7.8 |

Related vendor

| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|
| Apple | 72 | 238 | 1567 | 2279 | 265 | 4349 |