CERT-In issued a ‘high’ severity alert about the newly discovered memory corruption vulnerability. The affected devices are iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
“A vulnerability has been reported in Apple iOS and iPadOS which could be exploited by a remote attacker to execute arbitrary code and gain elevated privileges on a targeted system,” said CERT-In.
This vulnerability exists in IOMobileFrameBuffer of Apple iOS and iPadOS due to memory corruption issues with inadequate memory handling. A remote attacker with kernel privileges can exploit this vulnerability using a maliciously crafted application, it explained.
Not updating to the latest iOS 14.7.1 and iPadOS 14.7.1 software versions may allow attackers to gain elevated privileges on a targeted system. Apple warned users that it is aware of a report that this issue may have been actively exploited.
The new iOS 14.7.1 also fixes an issue where iPhone models with Touch ID cannot unlock a paired Apple Watch using the ‘Unlock with iPhone’ feature.