Next iOS 14.7.1 Apple also released macOS Big Sur 11.5.1 on Monday. At first glance, the update did not contain much special, only a few bug fixes. Now additional details are known, it turns out that there is more going on. Apple closes a serious security hole.
According to Apple, this is a zero day, or a vulnerability that was already exploited before it was known to Apple. Updating a Mac is often a tedious task, but knowing these details is a good idea to install macOS Big Sur 11.5.1 as soon as possible.
Pegasus malware defused?
The timing of these updates suggests that there may be a link to the Pegasus malware. Last week was in the news that the Israeli NSO group sells this malware to governments that don’t do anything too fresh with it. An investigation by Amnesty International and a consortium of journalists found that human rights activists, journalists and heads of state were being spied on via their iPhones. The same vulnerability may have been in macOS as well.
Apple gives little further details. It’s also not clear how affected devices may have been misused. It is clear that the leak has been exploited. To exploit, a malicious app had to be installed on the Mac. He could then command commands like root executing, i.e. taking over the entire system without the user noticing.
–
Old versions still vulnerable
macOS Catalina and macOS Mojave are still getting security updates, but haven’t been updated yet. An update will probably follow soon. Until then, users of older versions of macOS would be well advised not to visit shady corners of the Internet or install apps from unknown sources.
For the connoisseur: the vulnerability is known under CVE-2021-30807. It concerned a vulnerability in the IOMobileFrameBuffer. This serves as a buffer for displaying content on the screen. The year 2021 is a difficult year for Apple in terms of security. Thirteen zero-day vulnerabilities in iOS and macOS have already been found and patched this year.
Reply to article:
macOS 11.5.1 fixes serious security flaw, old versions still vulnerable
–
–
–
Related posts: