Apple has patched a zero-day vulnerability, which is being tracked as CVE-2021-30807.
What Apple Reports:
“An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.”
According to Sophos:
“When Apple notes that “an application may be able to execute arbitrary code with kernel privileges”, you should assume that an attacker could not only steal your personal data without any visible warnings, but also effectively “jailbreak” your device, thereby bypassing Apple’s protective security boundaries entirely, without so much as a by-your-leave.”
Available Updates:
*It is currently unknown whether iOS12 and older, but still supported versions are vulnerable and will be patched.”
iMacs (desktops)/MacBooks (laptops):
- Go to the Apple menu > System Preferences > Software Update. If you are using Mac OS Big Sur 11, upgrade to 11.5.1.
iPhones/iPads:
- Go to Settings > General > Software Update, and update to 14.7.1.
Watch (for Apple watch 3 series and later):
For more information on Apple’s security updates, click here.