The Indian Computer Emergency Response Team (CERT-In) is warning Apple iPhone and iPad users to immediately update their devices to iOS 14.7.1 and iPadOS 14.7.1. The agency, under the Ministry of Electronics and Information Technology, said that both iOS and iPadOS have active vulnerabilities that are “currently being exploited”.
CERT-In issued a ‘high’ severity alert around the newly discovered memory corruption vulnerability. The devices that are affected are iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later and iPod touch (7th generation).
“A vulnerability has been reported in Apple iOS and iPadOS which could be exploited by a remote attacker to execute arbitrary code and gain elevated privileges on a targeted system,” said CERT-In.
CERT-In issued a ‘high’ severity alert around the newly discovered memory corruption vulnerability. The devices that are affected are iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later and iPod touch (7th generation).
“A vulnerability has been reported in Apple iOS and iPadOS which could be exploited by a remote attacker to execute arbitrary code and gain elevated privileges on a targeted system,” said CERT-In.
This vulnerability exists in IOMobileFrameBuffer of Apple iOS and iPadOS due to memory corruption issues with inadequate memory handling. A remote attacker with kernel privileges can exploit this vulnerability using a maliciously crafted application, it explained.
Not updating to the latest iOS 14.7.1 and iPadOS 14.7.1 software versions may allow attackers to gain elevated privileges on a targeted system. Apple warned users that it is aware of a report that this issue may have been actively exploited.
The new iOS 14.7.1 also fixes an issue where iPhone models with Touch ID cannot unlock a paired Apple Watch using the ‘Unlock with iPhone’ feature.
timesofindia.indiatimes.com
Leave a Reply