Apple may have patched flaw used by Pegasus in iOS 14.7.1

How to use widgets on your iPhone Home screen
How to use widgets on your iPhone Home screen (Image credit: Joseph Keller / iMore)

What you need to know

  • Apple has released iOS 14.7.1.
  • It appears to have patched a vulnerability that made it possible to install Pegasus spyware on an iPhone with no user input.

It appears that Apple has likely patched a vulnerability in its iPhone software with the latest version of iOS 14 that was exploited by Pegasus spyware, according to recent reports.

The Register notes that iOS 14.7.1 came out Monday, and in all likelihood patched a vulnerability in iOS 14.6:

Apple on Monday patched a zero-day vulnerability in its iOS, iPadOS, and macOS operating systems, only a week after issuing a set of OS updates addressing about three dozen other flaws.The bug, CVE-2021-30807, was found in the iGiant's IOMobileFrameBuffer code, a kernel extension for managing the screen frame buffer that could be abused to run malicious code on the affected device.CVE-2021-30807, credited to an anonymous researcher, has been addressed by undisclosed but purportedly improved memory handling code.

Apple's traditionally bland software notes simply said "An application may be able to execute arbitrary code with kernel privileges... Apple is aware of a report that this issue may have been actively exploited."

There's no way that Apple would be forthcoming about what specific issue was patched or whether it relates to recent stories about NSO Group and its Pegasus spyware, reportedly used to target the phones of journalists and activists as well as government officials. A report previously noted the software could be installed on the iPhone without any user input.

iOS 14.7.1 also helped to fix a bug that stopped Touch ID iPhones from unlocking Apple Watch, you can read about that fix here.

Stephen Warwick
News Editor

Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design. Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9