Apple users should take a quick glimpse at their notification area for a critical security update pushed live on July 26, 2021. The unscheduled security update patches a zero-day vulnerability under active exploitation, covering iOS, iPadOS, and macOS.

The latest critical security update delivered by Apple comes just weeks after a similar issue. In that case, the patch fixed more than 30 different security issues and comes at a time when it appears Apple is playing vulnerability whack-a-mole.

Indeed, more than a dozen zero-day exploits have been disclosed this year alone, although not all vulnerabilities affect all of Apple's operating systems.

Apple: Patch Your Devices Immediately

The vulnerability at the route of the issue, CVE-2021-30807, exploits a vulnerability in the iGiant IOMobileFrameBuffer and, if abused, could allow an attacker to run malicious code on the target device.

Although the identity of the security researcher who uncovered the vulnerability is unknown, a security researcher posted a proof-of-concept for the exploit on Twitter.

Furthermore, a second security researcher, Saar Armar, claims to have found the kernel exploit separately. After Apple issued iOS 14.7.1 to patch the vulnerability, the researcher "was surprised" to find the exploit no longer active and decided to write up his research detailing the issue.

But while Apple did reveal that the zero-day vulnerability was under active exploitation, it didn't allude as to whom may be exploiting it or the number of potential attacks relating to this issue.

Related: iOS 14.5.1 and Other Apple OS Updates Fix a Vulnerability That May Have Been Exploited

Who Will the Vulnerability Affect?

As Apple appears to have moved swiftly on patching this zero-day exploit, the number of victims will remain unknown. The important thing is to check your system updates and install any pending updates.

On iOS and iPadOS:

  1. Head to Settings > General > Software Update
  2. Tap Download and Install

On macOS:

  1. Head to Apple menu
  2. Click Software Update
  3. Click Update Now

You may have to restart your device after installing the update.

What Is a Zero-Day Vulnerability?

A zero-day exploit is a previously unreleased security vulnerability an attacker uses to breach a site, service, or otherwise. As the security and tech companies are unaware of its existence, it remains unpatched and vulnerable.

In this case, a security researcher discovered a vulnerability affecting each of Apple's operating systems that, if exploited, would allow the attacker to run code as if it were the device user. When that happens, the attacker can run malicious code to steal data, credentials, and more, which is why Apple pushed a fix for the issue live as quickly as possible.

Although zero-day vulnerabilities are new and unexpected exploits found in existing code, keeping your device up to date is always the best option.