Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
Apple unexpectedly released security updates yesterday (July 26) for iPhones, iPads and Macs to fix a single zero-day flaw that's apparently already being used to attack devices. You'll need to update ASAP to iOS 14.7.1, iPad OS 14.7.1 and macOS Big Sur 11.5.1.
The flaw is in the IOMobileFrameBuffer, which controls how an application manager manages a device's display. Apple says the vulnerability makes it possible for "an application... to execute arbitrary code with kernel privileges." That means an app already present on a Mac, iPhone or iPad — for example, Trojan malware pretending to be a benign app — could leverage the flaw to seize control of the entire device.
- Macs under attack from Windows malware — what you need to do
- The best Mac antivirus software
- Plus: New larger high-end iMac tipped to arrive next year
In its characteristically terse way, Apple's security advisories noted that the company "is aware of a report that this issue may have been actively exploited." I.e., it's a software flaw that was exploited before the software maker learned of the flaw, giving Apple zero days' warning. The vulnerability has been assigned the catalogue number CVE-2021-30807.
Apple credits "an anonymous researcher" with discovering the flaw, but hasn't said whether it's related to the Pegasus mobile spyware that's been in the news lately.
Yet Apple is clearly spooked enough by the flaw to push out an emergency update without much else to accompany it — the only other fix with any of these three updates was to an Apple Watch pairing issue. Apple released much larger updates to its various operating systems just last week.
Soon after Apple posted its security advisories, a Twitter user called "binaryboy" posted what purports to be a working exploit of the flaw.
CVE-2021-30807 POC:int main(){io_service_t s = IOServiceGetMatchingService(0, IOServiceMatching("AppleCLCD"));io_connect_t c;IOServiceOpen(s,mach_task_self(),0,&c);uint64_t a[1] = {0xFFFFFFFF};uint64_t b[1] = {0};uint32_t o = 1;IOConnectCallScalarMethod(c,83,a,1,b,&o);}July 26, 2021
And a security researcher who uses his real name on Twitter said he'd found the flaw a few months ago, but had not yet submitted it to Apple. He quickly wrote up a rather technical blog post explaining his discoveries.
So, as it turns out, an LPE vulnerability I found 4 months ago in IOMFB is now patched in iOS 14.7.1 as in-the-wild. I wanted to share some knowledge and details about the bug and some ways to exploit it. Hope you'll find it useful, check it out! https://t.co/fxLTJZgc3BJuly 26, 2021
The updates are available for all Macs capable of running Big Sur, plus, in Apple's words, "iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)."
- More: The best Mac antivirus software out right now
