Apple has just issued iOS 14.7.1—an urgent update that comes with an “important” security fix for an issue that is already being used by adversaries to attack iPhones.
For this reason, the iPhone maker says the iOS 14.7.1 update is urgent, and it is “recommended for all users.”
The issue patched in iOS 14.7.1 is a vulnerability in IOMobileFrameBuffer, a kernel extension for managing the screen framebuffer, that could allow an application to execute arbitrary code with kernel privileges. Apple says it is “aware of a report that this issue may have been actively exploited.”
It’s only been a week since Apple released iOS 14.7, which itself included critical security fixes, but did not address a vulnerability in iMessage that adversaries could have been taking advantage of to attack iPhones with the Pegasus spyware.
But Apple does not seem to have fixed the iMessage vulnerability in iOS 14.7.1, which Sean Wright, Immersive Labs’ SME application security lead, says is “surprising.”
Even so, he says it’s “good to see the vulnerability in iOS 14.7.1 being fixed, especially since it looks like it has been actively exploited.”
iOS 14.7.1—an urgent update for all iPhone users
Although Apple does provide a few details on security fixes, it does not include all of them until as many people as possible have updated their iPhones. But assume the iOS 14.7.1 security update is urgent, especially if you are a corporate Apple user or if you could be a target for attackers.
MORE FOR YOU
Yet Wright also points out that the issue fixed in iOS 14.7.1 might be quite hard for attackers to exploit, because it relies on you installing a malicious application. With this in mind, he also advises: “Only install apps from the official App Store and make sure you look at requested permissions—noticing if, for example, a flash light app is requesting access to your contacts—and reading user feedback/reviews.”
Apple’s iOS 14.7.1 is the latest in multiple iPhone updates taking place this year, with Apple seemingly scrambling to patch all the holes appearing in its iOS operating system. There could be many reasons for this: Attackers are targeting iPhones more, ethical hackers are finding holes more efficiently, or Apple has more issues with its OS than previously.
The latest upgrade also fixes a bug which meant iPhone models with Touch ID could not unlock a paired Apple Watch using the Unlock with iPhone feature.
The already exploited security vulnerabilities fixed in iOS 14.7.1 make this an important upgrade for your device. Wright says there is no need to panic, but “I would highly recommend people update as soon as they can, given there is reason to believe that this is being actively exploited.”
You know what to do: Don’t wait, update to iOS 14.7.1 now to keep your iPhone safe.