Apple users told to update iOS and macOS immediately to stop this security threat

Apple has already spotted and patched a dozen zero-days this year alone

Users of Apple devices have been told to update and patch their iOS and macOS devices following the discovery of another significant security threat.

Apple has patched yet another zero-day that existed in both its mobile (iOS) and desktop (macOS) operating systems and has been actively exploited in the wild.

The bug could be exploited to execute arbitrary code with kernel privileges on vulnerable devices, warns Apple’s advisory. Reported by an anonymous researcher, the vulnerability affected virtually all Apple-ware, including Macs, iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad Mini 4 and later, and iPod touch (7th generation).

Tracked as CVE-2021-30807, Apple describes the vulnerability as a memory corruption issue in the IOMobileFramebuffer kernel extension.

Active exploitation

Apple acknowledged reports that the bug “may have been actively exploited,” but didn’t share any further details about the exploitation.

Meanwhile, The Record has spotted a proof-of-concept exploit posted by a security researcher that takes advantage of the CVE-2021-30807 vulnerability, while another has published a detailed analysis claiming to have found the bug independently.

Notably, CVE-2021-30807 is the 13th zero-day vulnerability that Apple has had to patch this year alone. While a majority of the earlier zero-days impacted iOS and iPadOS, a couple troubled macOS users as well.

In any case, Apple urges its users to update to iOS 14.7.1, iPadOS 14.7.1, and macOS Big Sur 11.5.1, the versions it has released to address the CVE-2021-30807 vulnerability.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.