New Delhi: The Indian security company CERT-In (Indian Computer Emergency Response Team) has reportedly instructed Apple customers to update their iOS devices to the latest software. The Apple software update for iOS 14.7.1 and iPadOS 14.7.1 was released earlier this week. A zero-day vulnerability for memory corruption has been fixed in the updates, which has been reported to be actively exploited by attackers.
All iPhone and iPad users are urged to update to iOS 14.7.1 or iPadOS 14.7.1 following a security alert from CERT-In. Apple’s iPhone 6s and older handsets are affected, as are iPad Pro models, iPad Air 2 and newer, iPad mini 4 and newer models, iPod Touch (seventh generation), and macOS Big Sur devices. The fix is also included in macOS Big Sur 11.5.1.
CERT-In warns that an attacker could exploit this memory corruption vulnerability to execute malicious code and gain remote access. An issue with improper memory handling leads to a vulnerability in Apple’s IOMobileFrameBuffer for iOS and iPadOS. This vulnerability can be exploited via a malicious application by someone who has kernel privileges. Apparently, the flaw is already being exploited in the wild. Users are urged to apply the patch as soon as possible.
Update your iPhone and iPad
In case you have not updated your iPhone and iPad models yet, you can do so by going to Settings > General > Software Update and manually checking for updates. If you own one of the above-mentioned devices, it’s recommended that you keep up with the latest updates. Mac users can upgrade to the latest version by going to System Preferences in the Apple menu and clicking on Software Update.