July 27, 2021
Apple has released a security update to address an exploited-in-the-wild zero-day vulnerability which allows for Privileged Arbitrary Code Execution.
The vulnerability affects macOS Big Sur, iOS and iPadOS. (See Affected Products for affected versions)
Apple did not publish details regarding the attacks or attackers that have exploited this vulnerability.
An application may be able to execute arbitrary code with kernel privileges due to a memory corruption issue in the IOMobileFrameBugger component.
- macOS Big Sur prior to 11.5.1
- iOS prior to 14.7.1
- iPadOS prior to 14.7.1
For full mitigation, CYREBRO recommends implementation of the macOS Big Sur 11.5.1 update which fixes this issue.
References: Apple Security Advisory