The new vulnerability is the 13th ‘zero-day’ threat found by Apple.
On Monday, July 26, Apple released a new ‘zero-day’ vulnerability. The newly-found bug is reportedly found in both mobile (iOS) and desktop (macOS) operating systems. According to the recent Apple advisory, all owners of Apple devices should now update their software to prevent the said exploitation. Here’s how to update your device.
CVE-2021-30807 is the name of the newly-found ‘zero-day’ exploitation. According to Apple via Tech Radar, the said bug was initially found on iGiant’s IOMobileFrameBuffer code. This code composes of a kernel extension for managing the screen frame buffer that could be abused to run malicious code on the affected device.
As explained by Apple, the said issue may have now been ‘actively exploited.’ Since the bug was considered a ‘zero-day’ threat, Apple did not disclose further information about the new vulnerability. This is in line to protect Apple and other users from further attacks from possible threat actors.
Unfortunately, Apple did not name who might have hacked their system through the said bug. This bug was already the 13th ‘zero-day’ vulnerability that Apple has announced so far this year.
Some reports said that the threat actors behind the current attack are related to NSO Group’s Pegasus surveillance software.
Pegasus surveillance and Apple
In a report from The Register, the new Apple bug was found somehow related to the recently published articles of Amnesty International and media advocacy group Forbidden Stories. According to the post, the company published a series of articles called the Pegasus Project.
As explained, the Pegasus project is spyware used by the NSO Group, an Israeli cyberarms firm. Based on the report, the Pegasus is rumored to become the strongest exploitation that could be recorded for iOS devices.
They said that anyone from journalists to politicians can have their devices’ hacked due to the said spyware. They alleged that the government is paying professionals hackers to commit espionage.
Pegasus spyware claimed that all recent iOS updates can be compromised. This includes updates up to iOS 14.6.
What you can do
If you are worried that you might be victimized by the said new bug, it’s better to update your Apple device right away. Apple calls out every iPhone and Mac user to download their security updates to prevent their devices from compromise due to the new ‘zero-day’ attack.
In today’s case, the available Apple update for each devices are: iOS 14.7.1, iPadOS 14.7.1, and macOS Big Sur 11.5.1 versions.
Here are the steps on how to update your Apple device:
- Plug your device into power and connect to the Internet with Wi-Fi.
- Go to Settings > General, then tap Software Update.
- Tap Download and Install.
- To update now, tap Install. Or you can tap Later and choose Install Tonight or Remind Me Later.
- If asked, enter your passcode.
- On a Mac with macOS Catalina 10.15, open Finder. On a Mac with macOS Mojave 10.14 or earlier, or on a PC, open iTunes.
- Connect your device to your computer.
- Locate your device on your computer.
- Click General or Settings, then click Check for Update.
- Click Download and Update.
- If asked, enter your passcode.
Update your device now!