Apple has issued security updates for iOS, iPadOS and macOS Big Sur that address a zero-day exploit being actively exploited in the wild. The memory corruption issue was submitted by an anonymous security researcher. Hopefully, they were rewarded handsomely for the find.
The updates – iOS 14.7.1, iPadOS 14.7.1 and macOS Big Sur 11.5.1 – all involve CVE-2021-30807, which can allow an application to execute arbitrary code with kernel privileges. Apple said it is aware of a report that the exploit has been actively leveraged in public.
To grab the iOS or iPadOS update, navigate to Settings > General > Software Update then tap “Download and Install.” On a Mac, you’ll need to open the Apple menu then select System Preferences > Software Update > Update Now.
As Bitdefender highlights, Twitter user Saar Amar reportedly discovered the vulnerability months ago and was planning to alert Apple once he had fully worked out the exploit in order to have a “high-quality” submission. Instead, it seems someone else beat Amar to the punch.
Either way, you’ll want to apply this patch ASAP since the exploit is already being used by nefarious parties. The update, at least on iPhones, checks in around 920MB in size.