The vulnerability in select Apple devices running iOS, iPadOS and macOS could be exploited by a remote attacker to execute arbitrary code and gain elevated privileges on the victim's device.
India's nodal cybersecurity agency, CERT-In, has issued a warning for owners of select Apple products, including some iPhones, iPads and devices running macOS.
The agency has revealed that there is a memory corruption vulnerability in Apple macOS Big Sur versions prior to 11.5.1 and Apple iOS and iPadOS versions prior to 14.7.1. The warning was issued on Wednesday with a severity rating of 'HIGH'.
According to the agency, the vulnerability could be exploited by a remote attacker to execute arbitrary code and gain elevated privileges on a targeted system.
A statement from CERT-In has confirmed that the vulnerability exists in IOMobileFrameBuffer of Apple iOS and iPadOS due to a memory corruption issue with inadequate memory handling. A remote attacker with kernel privileges can exploit this vulnerability using a maliciously crafted application.
The vulnerability has already been discovered and the agency has confirmed that it is being exploited. Users of the devices listed below are strongly advised to urgently apply the patches that have been rolled out in the latest OS updates.
Apple also acknowledged the presence of the new vulnerability. According to the tech giant, a memory corruption issue was found and later addressed with improved memory handling.
The company said that, because of the corruption, an application may be able to execute arbitrary code with kernel privileges. Apple further confirmed that this issue may have been actively exploited.
The software is affected on the following devices: