The official IT security organization CERT-In (Indian Computer Emergency Response Team) of the Indian Government has urged iPhone and iPad users to update their devices to the latest versions. CERT-In marked the vulnerability as severe as they gave the Severity Rating as HIGH.
iOS 14.7.1, iPadOS 14.7.1, and macOS 11.5.1 released earlier this week will reportedly fix the critical bug. The updates resolve a memory corruption issue, the zero-day vulnerability. CERT-In stated that the vulnerability is being actively exploited in the wild.
According to CERT-In, the softwares affected are:
- Apple macOS Big Sur versions prior to 11.5.1
- Apple iOS and iPadOS versions prior to 14.7.1
- iPhone 6s and later
- iPad Pro (all models)
- iPad Air 2 and later
- iPad 5th generation and later
- iPad mini 4 and later
- iPod touch (7th generation)
- macOS Big Sur
As per the report, “A vulnerability has been reported in Apple iOS and iPadOS which could be exploited by a remote attacker to execute arbitrary code and gain elevated privileges on a targeted system.”
The CERT-In description reads, “This vulnerability exists in the IOMobileFrameBuffer of Apple iOS and iPadOS due to memory corruption issue with inadequate memory handling. A remote attacker with kernel privileges can exploit this vulnerability using a maliciously crafted application.”
Furthermore, it reads, “Successful exploitation of these vulnerabilities could allow an attacker to gain kernel privileges to execute arbitrary code and gain elevated privileges on a targeted system.”
As this vulnerability is actively exploiting in the wild, Apple released the fixed patch with the new updates. And Indian Government advises Apple users to urgently apply those patches by updating their devices.
So, that’s been it. Thank you for reading, and do share the article if you get a bit piece of information. Also, keep an eye on this space for more relevant updates. Stay safe, and we hope to see you around.