Home / Threat Intelligence bulletins / SECURITY GUIDANCE - iOS 14.7.1 Critical Update

Wednesday 28th July 2021 16:30 PM (GMT). iOS 14.7.1 Critical Update. Quorum Cyber have produced the below Quick Info on how to protect your devices against this critical iOS vulnerability.

What is it?

Apple have released an update to address a memory corruption bug (CVE-2021-30807) in iOS which is reported to be actively exploited in the wild. This bug allows an application running on the device to execute code with kernel privileges. Although it’s still unconfirmed, the timing and nature of this update suggests that it may be the initial access method used by the NSO Group’s Pegasus malware.

What is the impact?

A remote attacker may be able to trigger system level code execution on a device. According to research by Amnesty International, the NSO group were able to exploit iMessage with no user interaction. This would only require the attacker to have the victim’s mobile number.

Alternatively, a malicious website could use this exploit to execute code at system level on the device. Either of these access vectors would grant an attacker control over the phone.

Are my systems vulnerable?

iPhones and iPads running iOS versions between 14.4 and 14.7 are vulnerable.

How do I mitigate this threat?

Apple say the update is available for:

“iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)”

To update the device go to

Settings > General > Software Update

This should either say “iOS is up to date” or give you the option to update.

Further Information

Apple Support