Apple released iOS 14.7.1 and iPadOS 14.7.1, and macOS Big Sur 11.5.1 yesterday (26) to fix a zero-day vulnerability that has been exploited.
This vulnerability, numbered CVE-2021-30807, also exists in iOS/iPad and the core component of macOS’s IOMobileFrameBuffer. It is a memory corruption vulnerability and was reported by an anonymous researcher. Once mining is successful, it may cause an application to execute arbitrary code with core permissions.
The patch improves memory handling to solve this problem. The devices patched after the release of iOS/iPadOS 14.7.1 include iPhone 6s and later, iPad Pro (all versions), iPad Air 2, iPad 5th generation and later, iPad mini 4 and later, iPod touch (7th generation). This vulnerability only affects macOS Big Sur 11.5.
It is worth noting that Apple has reminded that CVE-2021-30807 has been actively exploited. This is also the 13th zero-day loophole announced by Apple this year. However, Apple has not announced the risk level of the vulnerability CVSS 3.0, nor has it announced the details of the attack.
Users should update the operating system as soon as possible, because researchers discovered that a security vulnerability in the Safari WebKit engine number CVE-2021-1879 that was revealed only in May was used by a hacker organization suspected of being backed by the Russian government to use LinkedIn Messaging to report to European governments. Officials send malicious links to allow iPhone users to direct the attacker to a domain controlled by the attacker to send out the next stage of the attack program.