The government’s official IT security organisation CERT-In (Indian Computer Emergency Response Team) has asked Apple users to urgently update their iPhone and iPad units to the latest versions. iOS 14.7.1 and iPadOS 14.7.1 were released earlier this week with critical bug fixes. The updates fix a memory corruption zero-day vulnerability that the government confirms is being actively exploited in the wild. CERT-In says that successful exploitation of this vulnerability could allow an attacker with kernel privileges to execute arbitrary code and gain elevated privileges on a targeted system.
CERT-In has issued a security alert for all iPhone and iPad users urging them to update to the latest iOS 14.7.1 and iPadOS 14.7.1 versions. The memory corruption issue affects all iPhone 6s and later handsets, all iPad Pro models, iPad Air 2 and later, iPad fifth generation and later devices, iPad mini 4 and later models, iPod Touch (seventh generation), and devices running macOS Big Sur. The fix is also bundled with macOS Big Sur 11.5.1.
This memory corruption vulnerability, CERT-In says, could be exploited by an attacker to execute malicious code and gain remote access. The vulnerability exists in IOMobileFrameBuffer of Apple’s iOS and iPadOS due to a memory corruption issue with inadequate memory handling. CERT-In says that a hacker with kernel privileges can exploit this vulnerability using a maliciously crafted application. The government authority warns that the flaw is being exploited in the wild and advises users to apply the security patch urgently.
Those who haven’t updated their iPhone and iPad models yet can do so by going to Settings > General > Software Update and manually checking for an update to install. It is recommended that you stay on the latest update, especially if you use one of the above-mentioned devices. Mac users can update to the latest version by going to System Preferences in the Apple menu and clicking on Software Update.