The Indian computer emergency response team (Cert-in) is warning Apple iPhone and iPad users to immediately update their devices to iOS 14.7.1 and iPados 14.7.1.
The agency, under the Ministry of Electronics and Information Technology, said that iOS and iPado have an active vulnerability that is “being exploited”.
Cert-in issued a ‘high’ severity warning around the vulnerability of newly discovered memory corruption.
The affected device is the iPhone 6S and the newer, iPad Pro (all models), iPad Air 2 and newer, the 5th generation iPad and newer, iPad mini 4 and then and iPod Touch (7th generation) , “Vulnerabilities have been reported on Apple iOS and iPados that can be exploited by remote striker to execute the arbitrary code and get the privilege of the targeted system,” Cert-in said.
This vulnerability is in IomobileframeBuffer Apple iOS and iPados because of memory corruption problems with inadequate memory handling.
Long-distance striker with kernel privileges can exploit this vulnerability using an evil-made application, described.
Not updating to iOS 14.7.1 and iPados 14.7.1 software version can allow attackers to get increased privileges on targeted systems.
Apple warns users that be aware of reports that this problem may have been exploited actively.
The new iOS 14.7.1 also fixes the problem where the iPhone model with the touch ID cannot unlock the apple watch that is paired using the ‘open key with iPhone’ feature.