One week after seeding watchOS 7.6 to the public, Apple is now releasing watchOS 7.6.1. With this version, the company addresses an important security fix.
According to Apple’s security notes, watchOS 7.6.1 fixed an IOMobileFrameBuffer flaw that could have been actively exploited to execute arbitrary code with kernel privileges.
IOMobileFrameBuffer
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2021-30807: an anonymous researcher
Three days ago, Apple also released iOS 14.7.1 and macOS Big Sur 11.5.1. All of these versions brought ‘important security updates’.
With iOS 14.7.1, Apple introduced a bug affecting the integration between iPhone and iPad, which Apple explained in a support document:
When you have Unlock with iPhone turned on, unlocking your iPhone unlocks your Apple Watch as long as you’re wearing it. An issue in iOS 14.7 affects the ability of iPhone models with Touch ID to unlock Apple Watch.
Apple promised an update for this issue last week, and that is what has rolled out to iPhone users. Apple wrote in the release notes:
iOS 14.7.1 fixes an issue where iPhone models with Touch ID cannot unlock a paired Apple Watch using the Unlock with iPhone feature. This update also provides important security updates and is recommended for all users.
For macOS Big Sur 11.5.1, it fixed an IOMobileFrameBuffer flaw that could have been actively exploited to execute arbitrary code with kernel privileges.
IOMobileFrameBuffer
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2021-30807: an anonymous researcher
With watchOS 7.6 Apple brought the ECG app and irregular heart rhythm notifications to 30 additional countries and version 7.6.1 a security fix.
FTC: We use income earning auto affiliate links. More.
Comments