Earlier this week, Apple released iOS 14.7.1 and macOS Big Sur 11.5.1. The iOS update fixes an issue with Apple Watch pairing on iPhones with Touch ID. However, it also comes with a fix for a critical security vulnerability that may have been actively exploited. The Indian Computer Emergency Response Team (CERT-In) has now issued a vulnerability note urging users to update their iPhones immediately.
Update iPhone for Critical Vulnerability Fix
“A vulnerability has been reported in Apple iOS and iPadOS which could be exploited by a remote attacker to execute arbitrary code and gain elevated privileges on a targeted system. This vulnerability is currently exploited in the wild, users are advised to apply patches urgently,” wrote CERT-In in its vulnerability note.
If you are unaware, the vulnerability in question is called IOMobileFrameBuffer. It gives apps the ability to execute arbitrary code with kernel privileges. Apple even goes on to state that it is aware of a report that this issue may have been actively exploited, citing an anonymous researcher.
The emergency bugfix is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
If you own any of these devices, you can navigate to Settings -> General -> Software Update to keep your iPhone/ iPad secure. Mac users can update to macOS Big Sur 11.5.1 to stay on the safer side. To update your Mac, go to Apple menu -> System Preferences -> Software Update -> Update Now.