Apple Rolls Out a Zero-Day Patch
Table of Contents
- By Dawna M. Roberts
- Published: Jul 30, 2021
- Last Updated: Mar 18, 2022
Monday, Apple rolled out a zero-day vulnerability patch on iOS, iPad, and macOS operating system devices.
Security Issue
On Monday, Apple pushed a security update out to all iOS, iPad, and macOS devices to address a severe zero-day flaw that hackers have used to exploit users. According to The Hacker News it is the “thirteenth such vulnerability Apple has patched since the start of this year.”
Less than a week ago, Apple released iOS 14.7 and iPadOS 14.7 as well as macOS Big Sur 11.5 to address multiple security concerns including a memory issue (CVE-2021-30807) “in the IOMobileFrameBuffer component, a kernel extension for managing the screen framebuffer, that could be abused to execute arbitrary code with kernel privileges.”
Apple reassured customers that the issue had been addressed with the 14.7 updates but that at the time of the patch, it had already been exploited by bad actors. As a result, no further details were released for security reasons.
Pegasus Connection?
According to The Hacker News, there is speculation about a connection between the emergency patch and recent news reports of abuse using the Pegasus software.
The Hacker News says, “The timing of the update also raises questions about whether the zero-day had any role in compromising iPhones using NSO Group’s Pegasus software, which has become the focus of a series of investigative reports that have exposed how the spyware tool turned mobile phones of journalists, human rights activists, and others into portable surveillance devices, granting complete access to sensitive information stored in them.”
The Entire Library of Patches
The entire list of patches so far this year from Apple include:
-
“CVE-2021-1782 (Kernel) - A malicious application may be able to elevate privileges.
-
CVE-2021-1870 (WebKit) - A remote attacker may be able to cause arbitrary code execution.
-
CVE-2021-1871 (WebKit) - A remote attacker may be able to cause arbitrary code execution.
-
CVE-2021-1879 (WebKit) - Processing maliciously crafted web content may lead to universal cross-site scripting.
-
CVE-2021-30657 (System Preferences) - A malicious application may bypass Gatekeeper checks.
-
CVE-2021-30661 (WebKit Storage) - Processing maliciously crafted web content may lead to arbitrary code execution.
-
CVE-2021-30663 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution.
-
CVE-2021-30665 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution.
-
CVE-2021-30666 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution.
-
CVE-2021-30713 (TCC framework) - A malicious application may be able to bypass Privacy preferences.
-
CVE-2021-30761 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution.
-
CVE-2021-30762 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution.”
How Apple Users Can Stay Safe
Hackers are constantly exploring all vulnerabilities within the Apple ecosystem to try and gain access to the device for theft and fraud. Therefore, Apple device users must do all they can to stay safe. Some tips include:
-
Update your device with all security patches as soon as they are released.
-
Turn on biometrics so only you can unlock your device.
-
Consider using a VPN to protect your IP address and keep your online experience private.
-
Configure the device with the highest security and privacy settings.
-
Protect your passwords; never share them with anyone.
-
Do not reuse passwords on multiple websites.
-
Always use strong passwords with a combination of letters (upper and lower case), symbols, and numbers.
-
Never click links in email or download attachments.
-
Verify the sender of emails and text messages.
-
Do not click on links in text messages or social media ads