This is the 30th such vulnerability Apple has patched since the start of this year. Which shows how supercool and secure the software is.
The updates, which arrive less than a week after the company released iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to the public, fixes a memory corruption issue (CVE-2021-30807) in the IOMobileFrameBuffer component, a kernel extension for managing the screen framebuffer, that could be abused to execute arbitrary code with kernel privileges.
The company said it addressed the issue with improved memory handling, noting it's "aware of a report that this issue may have been actively exploited".
Apple has refused to provide additional details about the flaw and have not been disclosed apparently to prevent the weaponization of the vulnerability for additional attacks, although if Apple had really fixed the flaw surely there is no harm in talking about it.
Apple credited an anonymous researcher for discovering and reporting the vulnerability.
The timing of the update also raises questions about whether the zero-day had been exploited by NSO Group's Pegasus software, which has become the focus of a series of investigative reports that have exposed how the spyware tool turned mobile phones of journalists, human rights activists, and others into portable surveillance devices, granting complete access to sensitive information stored in them.
