The government of India’s official IT security organization CERT-In (Indian Computer Emergency Response Team) has warned Apple users to update their iPhones and iPads as soon as possible. Apple had recently released iOS 14.7.1 and iPadOS 14.7.1 updates that fix a memory corruption zero-day vulnerability. According to CERT-In, this vulnerability is “currently being exploited,” Hence, users are advised to “apply patches urgently.”
Going by the CERT-In report, exploiting this vulnerability could let a remote attacker with kernel privileges execute arbitrary code and gain elevated privileges on a targeted system. As per an official statement, “This vulnerability exists in IOMobileFrameBuffer of Apple iOS and iPadOS due to memory corruption issues with inadequate memory handling.”
According to CERT-In, devices affected by this vulnerability include iPhone 6s and later models, all iPad Pro models, iPad Air 2 and later models, iPad fifth generation and later devices, iPad mini 4 and later models, iPod Touch (seventh generation), and devices running macOS Big Sur.