Apple has rolled out security updates for its iOS and macOS operating systems to address a security vulnerability, which the iPhone maker says may have been exploited in the wild.
The flaw, tracked as CVE-2021-30807, is a buffer overflow issue within the IOMobileFrameBuffer subsystem, which can be exploited by a local attacker to execute arbitrary code on the target system with kernel privileges.
The list of vulnerable devices includes Macs, iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Apart from saying it is “aware of a report that this issue may have been actively exploited,” Apple did not share any additional details on the who, where and when of that exploitation.
Since the beginning of this year, Apple has fixed a dozen zero-day vulnerabilities affecting iOS and macOS, including three iOS zero-days (CVE-2021-1870, CVE-2021-1871, CVE-2021-1882) in February, an iOS zero-day (CVE-2021-1879) in March, two zero-days in iOS and macOS (CVE-2021-30661, CVE-2021-30657) in April, three iOS zero-days (CVE-2021-30663, CVE-2021-30665, CVE-2021-30666) and one macOS zero-day (CVE-2021-30713) in May, and two zero-days (CVE-2021-30761 and CVE-2021-30762) in June.