Apple may have patched flaw used by Pegasus in iOS 14.7.1

It appears that Apple has likely patched a vulnerability in its iPhone software with the latest version of iOS 14 that was exploited by Pegasus spyware, according to recent reports.

The Register notes that iOS 14.7.1 came out Monday, and in all likelihood patched a vulnerability in iOS 14.6:

Apple on Monday patched a zero-day vulnerability in its iOS, iPadOS, and macOS operating systems, only a week after issuing a set of OS updates addressing about three dozen other flaws.

The bug, CVE-2021-30807, was found in the iGiant's IOMobileFrameBuffer code, a kernel extension for managing the screen frame buffer that could be abused to run malicious code on the affected device.

CVE-2021-30807, credited to an anonymous researcher, has been addressed by undisclosed but purportedly improved memory handling code.

Apple's traditionally bland software notes simply said "An application may be able to execute arbitrary code with kernel privileges... Apple is aware of a report that this issue may have been actively exploited."

There's no way that Apple would be forthcoming about what specific issue was patched or whether it relates to recent stories about NSO Group and its Pegasus spyware, reportedly used to target the phones of journalists and activists as well as government officials. A report previously noted the software could be installed on the iPhone without any user input.

iOS 14.7.1 also helped to fix a bug that stopped Touch ID iPhones from unlocking Apple Watch, you can read about that fix here.