PrintNightmare and PetitPotam exploits. Now a zero-day exploit targeting Apple computers and mobile devices has been discovered, and Apple has issued an emergency security patch for iPhones, iPads, and Mac computers.
Apple issued a brief announcement on July 26 that provided only limited information on the patch, which covers iOS 14.7.1, iPadOS 14.7.1 and macOS Big Sur 11.5. “An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited,” the announcement stated.
A 'Memory Corruption' Issue
Though Apple’s announcement was short on specifics, a report by cybersecurity software firm Sophos attempted to elaborate on vulnerabilities facing unpatched Apple devices. It seems the vulnerability relates to the IOMobileFrameBuffer, which Sophos says helps software with little or no privileges “to configure and use your device’s or computer’s display.”
This type of memory corruption bug is frequently exploited for denial of service attacks that crash a device at will. It can also cause information leaks. More troubling is the possibility that this kind of exploit could allow a malicious program to make unauthorized changes to a device’s kernel memory, which could lead to the elevation of privilege for malicious software or remote code execution capabilities.
Sophos put the seriousness of this recently discovered vulnerability in clear and concerning terms. When reading Apple’s description that the exploit could “execute arbitrary code with kernel privileges,” “you should assume that an attacker could not only steal your personal data without any visible warnings, but also effectively ‘jailbreak’ your device, thereby bypassing Apple’s protective security boundaries entirely….”
Links to Pegasus Spyware
A report by 9to5Mac released a day after Apple’s security patch suggested that there might be a connection between the emergency release and an ongoing media investigation into widespread spyware infections from a surveillance program developed by the Israel-based NSO Group. The company says it helps governments prevent and investigate terrorism. Its critics say it is little more than a hacker for hire.
The Pegasus Project is a collaborative investigation by media organizations into the NSO Group and the company’s clients in the wake of a data leak that allegedly exposed more than 50,000 mobile phone numbers of “people of interest” to clients of NSO Group that licensed the Pegasus spyware.
Among those numbers, investigators have identified more than 1,000 from 50 countries that belong to journalists, opposition politicians, business executives, human rights activists, and heads of state. “The Pegasus Project lays bare how NSO spyware is a weapon of choice for repressive governments to silence journalists, attack activists and crush dissent…,” Amnesty International Secretary General Agnes Callamard said in a statement earlier this month.
Don't Wait for Update Notifications
The quickest way to ensure that your Apple devices are protected is to manually check for any available updates.
- For iPhone and iPad devices, access Settings > General > Software Update. For iOS 14 users, select version 14.7.1.
- For MacBook or desktop Mac computers, access Apple menu > System Preferences > Software Update. If you have updated to the latest version of macOS, Big Sur 11, select version 11.5.1.
Secure Data Recovery’s expert technicians have seen the havoc that malware can cause on an unprotected smartphone. Our mobile phones have become increasingly central to our everyday lives, from apps we use to shop, to mobile banking services, to personal SMS conversations. Our mobile phones can often contain a near-complete record of our daily activities. Keeping them safe from unauthorized access is vital to our personal and digital security.
Secure Data Recovery’s research and development team specializes in the creation of custom tools and utilities for every data loss contingency. Our team is Apple Mac Certified and has more than a decade of experience in successful data recovery and mobile forensics services for iPhone and other Apple mobile devices, including devices that have crashed as a result of Error Code 14.
If you suspect that your iPhone or other Apple mobile device has been compromised by malware, or if you experience data loss as a result of physical damage, our data recovery engineers are standing by to assist you. Call Secure Data Recovery Services now at 800-388-1266 for more information or to open a data recovery case.