An anonymous Apple researcher found a security flaw in Macs and iPhones that hackers are actively exploiting. The vulnerability goes by CVE-2021-30807, with the researcher stating:
“An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.”
The Zero-Day vulnerability critical vulnerability exists in both Mac computers and iPhones which hackers are aware of exploiting.
The vulnerability was allegedly found in the
IOMobileFrameBuffer kernel code, an element that helps applications set up and use your device or computer’s display. The security gap allows a hacker to manipulate administrative privileges, giving them access to the kernel which allows them to do just about anything.
What Can You Do?
Patch right now! Apple users haven’t been notified by Apple yet (oddly enough), but you can update your device manually right now by following the instructions below for each device.
iPhones – Settings > General > Software Update > Download & Install
Macs – Apple Menu (top left) > System Preferences > Software Update > Update Now
Other CyberHoot Best Practices
Company’s need to take proactive measures to reduce their chances of being victimized by a cyber attack. CyberHoot recommends the taking following steps to prepare for, limit damages, and sometimes avoid cyber attacks:
- Adopt two-factor authentication on all critical Internet-accessible services
- Adopt a password manager for better personal/work password hygiene
- Require 14+ character Passwords in your Governance Policies
- Deploy an Anti-Malware/Anti-Virus Solution to actively scan for vulnerabilities
- Follow a 3-2-1 backup method for all critical and sensitive data
- Train employees to spot and avoid email-based phishing attacks
- Check that employees can spot and avoid phishing emails by testing them
- Document and test Business Continuity Disaster Recovery (BCDR) plans
- Perform a risk assessment every two to three years
Start building your robust, defense-in-depth cybersecurity plan today with CyberHoot.