On July 26, Apple unexpectedly released security updates for iPhones, iPads and Macs to fix a single zero-day flaw that's being used to attack devices.
According to Apple the vulnerability was was identified and reported to them“by an anonymous researcher” and goes only by the name of CVE-2021-30807.
The flaw is reported to be in the IOMobileFrameBuffer, which controls how an application manager manages a device's display. Apple says the vulnerability makes it possible for "an application... to execute arbitrary code with kernel privileges."
Put simply, this means that an app already downloaded on a Mac, iPhone or iPad, such as malware pretending to be an inactive app, could use the vulnerability to take control of the entire device.
British security software company, Sophos reports that "this sort of bug frequently leads to DoS, or denial of service attacks, where a malicious program can deliberately crash the device at will."
If you haven't already, we recommend updating to iOS 14.7.1, iPad OS 14.7.1 and macOS Big Sur 11.5.1 as soon as possible.
You can check for updates by following the below:
If you need support ensuring your security is up to date and fit for purpose, our Business Technology Managers (BTMs) and Business Technology Consulting team are specialists in improving your internal cybersecurity and are ready to speak with you. Contact our team on 1300 307 907 today.