Last week iOS 14.7 appeared, adding features including support for Apple’s magnetic battery pack. Unfortunately, the update also interrupted the “Unlock with iPhone” feature that Apple Watch wearers used for easy access to their wristwear. Now, another update is going out to fix that.
However, even if you don’t have an Apple Watch, you should still install iOS 14.7.1 (and for Mac owners, macOS 11.5.1) as soon as you can, because security notes from Apple reveal that the two updates it pushed today fix flaws that are already being exploited in the wild. The memory corruption issues in Apple’s desktop and mobile operating systems have been assigned the same vulnerability ID and attributed to an anonymous researcher.
IOMobileFrameBuffer
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2021-30807: an anonymous researcher
According to Security Week, this is the 13th zero-day vulnerability Apple has fixed this year.