Skip to content

Apple patches a zero-day exploit with iOS 14.7.1

  • by
  • 2 min read

Following Apple’s last week launch of iOS 14.7, the “Unlock with iPhone” feature for Apple Watch users was disrupted. Apple has now released a patch labelled iOS14.7.1 to fix the issue. An update for macOS labelled macOS 11.5.1 was also released. 

Regardless of whether you wear an Apple Watch or not, you should still install the update as an advisory issued by Apple says that the two updates fix flaws that are already being exploited. 

.The vulnerability allows an application to execute arbitrary code with kernel privileges. The company also stated that its aware of a report that the issue may already have been actively exploited. 

According to an Apple support’s update on Monday, Apple addressed the issue as “iOS 14.7 affected the ability of iPhone models with Touch ID to unlock Apple Watch”, going on to say that the issue is fixed with iOS 14.7.1.

Affected devices include iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and the 7th generation iPod touch.

iOS 14.7 added hardware support for the MagSafe Battery Pack, among other features.

The fix comes in the form of improved memory handling that fixes a memory corruption issue. The iPhone, iPad and macOS Big Sur all suffer from the same issue, which has now been fixed with this latest update. 

Both the vulnerabilities have been assigned the CVE code CVE-2021-30807 and have been credited to an anonymous researcher. As reported by Security Week, this is the 13th zero-day exploit fixed by Apple this year. 

The iOS 14.7 update brought new features and support for hardware such as the MagSafe Battery Pack, allowing HomePod users to manage timers from their phones and a new Apple Card feature which the company announced back in April, allowing two Apple Card Family users to merge their account and hence their credit limit while keeping the interest rate as low as possible. 

In the News: Samsung will announce new Galaxy Z devices and S Pen on August 11

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>