Vulnerabilities and security patches go hand in hand, but sometimes the latter are delayed, which gives hackers and cybercriminals a window to practice their mischief. The Indian Computer Emergency Response Team (CERT-In) has warned of a severe vulnerability in iPhones, iPads and Macs, advising users to act immediately or be ready to pay a hefty price.
CERT-In issued a "high" severity alert after discovering a memory corruption vulnerability that affects iPhones, iPads and even Macs. Unless updated to the latest software, these Apple devices carry active vulnerabilities that are "currently being exploited" by malicious actors.
What's the risk & who's affected?
According to the official statement by CERT-In, the vulnerability exists in IOMobileFrameBuffer of iOS and iPadOS, and it could allow hackers to remotely corrupt memory with kernel permissions. The vulnerability allows attackers to execute arbitrary code and gain elevated privileges on the targeted system, which is enough to raise the severity alert to "high."
Devices affected by this vulnerability include:
- iPhone 6s and later models
- All iPad Pro models
- iPad Air 2 and later models
- iPad 5th gen and later models
- iPad mini 4 and later models
- iPod touch (7th gen)
- macOS Big Sur
What should you do?
Given the severity of the vulnerability and the fact that it is being actively exploited in the wild, it is imperative that users of all affected devices install the software update. Apple has already released the patch, which should protect all devices from the vulnerability.
On iPhones and iPads, users can go to Settings > General > Software Update. iPhone users will see the iOS 14.7.1 update ready to install, whereas iPad and Mac users will see the iPadOS 14.7.1 and Big Sur 11.5.1 updates ready to install. Make sure the devices are connected to Wi-Fi, hit the install button and wait for the software update to complete. Depending on the speed of your Wi-Fi, it may take several minutes.