Apple patches zero-day flaw that hackers may have exploited

Apple patches zero-day flaw that hackers may have exploited
Written by Jul 27, 2021 | CYBERSCOOP

Apple has released updates for its mobile, iPad and computer operating systems, fixing a zero-day flaw that appears to be the subject of active exploitation.

The patch comes mere days after another update that tackled 40 vulnerabilities. The latest software update comes in the wake of reports that the Israeli spyware firm NSO Group had developed a hacking tool that helps its customers remotely compromise iOS systems. Whether the patch address those technical issues was not immediately clear. Apple did not immediately respond to a request for comment.

The prior Apple update did not address the NSO Group exploits.

The iOS 14.7.1, iPadOS 14.7.1 and Big Sur 11.5.1 patch notes are likewise mum, other than to say that an anonymous researcher brought the vulnerability to Apple’s attention. The issue involved improper access to kernel mode, which a hacker could have abused to access the underlying hardware on a device, and manipulate some memory functions.

“An application may be able to execute arbitrary code with kernel privileges,” the notes for the updates issued Monday read. “Apple is aware of a report that this issue may have been actively exploited.”

Apple zero-day, or previously unrevealed, flaws are more common than they once were, to the point that last year zero-day broker Zerodium temporarily stopped acquiring them. By one count,
Support the originator by clicking the read the rest link below.