The timing of this Apple’s urgent security update is sure to raise some questions as it’s happening in the same time frame as the Pegasus hacks. According to the reports, the spyware tool turned mobile phones of journalists, activists, and others into portable surveillance devices, granting complete access to sensitive information stored in them. The most recent 0-day bug patch that was released this Monday was in the line of 13 releases that Apple has made since the start of this year. Apple has fixed these vulnerabilities for all of their offerings including iOS, iPadOS, and macOS for which Apple claims that the flaw was actively being exploited, until after Apple released the patch. The update fixes a memory corruption issue (CVE-2021-30807) in the IOMobileframeBuffer component, which is a kernel extension for managing the screen framebuffer. In essence, the flaw could be abused to execute arbitrary code with kernel privileges. Apple claims that in addition to addressing the issue, they have also improved memory handling. Further details about the exploit have not been disclosed to prevent ill-usage of the information for more severe attacks. An anonymous researcher has been credited by Apple for discovering and reporting the vulnerability. Here are the other 0-day vulnerabilities that Apple has patched in this year alone including CVE-2021-30807 update — CVE-2021-1782 (Kernel) – A malicious application may be able to elevate privileges CVE-2021-1870 (WebKit) – A remote attacker may be able to cause arbitrary code execution CVE-2021-1871 (WebKit) – A remote attacker may be able to cause arbitrary code execution CVE-2021-1879 (WebKit) – Processing maliciously crafted web content may lead to universal cross-site scripting CVE-2021-30657 (System Preferences) – A malicious application may bypass Gatekeeper checks CVE-2021-30661 (WebKit Storage) – Processing maliciously crafted web content may lead to arbitrary code execution CVE-2021-30663 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution CVE-2021-30665 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution CVE-2021-30666 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution CVE-2021-30713 (TCC framework) – A malicious application may be able to bypass Privacy preferences CVE-2021-30761 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution CVE-2021-30762 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution Like any security vulnerability this one is not to be taken lightly considering the threats Apple devices have been exposed to lately. We highly recommend that you move quickly to update your devices to the latest version to avoid exposing your device to attacks associated with the flaw. About Galaxy We specialize in delivering end-to-end software design & development services. Our mobile team and UI/UX designers are creative problem-solvers with a decade of experience in all facets of digital and interactive design. We create compelling and human-focused experiences delivered through clean, and minimalist UI. Click here for a free consultation!