Apple Releases Pressing iPhone and iPad Updates to Patch New Zero-Day Vulnerability


Apple on Monday launched a safety replace for iOS and iPad to handle a essential vulnerability that it says is being exploited within the wild, making it the seventeenth zero-day flaw the corporate has addressed in its merchandise for the reason that begin of the yr.’

The weak point, assigned the identifier CVE-2021-30883, issues a reminiscence corruption concern within the “IOMobileFrameBuffer” element that would permit an utility to execute arbitrary code with kernel privileges. Crediting an nameless researcher for reporting the vulnerability, Apple stated it is “conscious of a report that this concern could have been actively exploited.”

Technical specifics in regards to the flaw and the character of the assaults stay unavailable as but, as is the id of the risk actor, in order to permit a majority of the customers to use the patch and stop different adversaries from weaponizing the vulnerability. The iPhone maker stated it addressed the difficulty with improved reminiscence dealing with.

Automatic GitHub Backups

Safety researcher Saar Amar shared further particulars, and a proof-of-concept (PoC) exploit, noting that “this assault floor is extremely attention-grabbing as a result of it is accessible from the app sandbox (so it is nice for jailbreaks) and lots of different processes, making it a great candidate for LPEs exploits in chains.”

CVE-2021-30883 can also be the second zero-day impacting IOMobileFrameBuffer after Apple addressed the same, anonymously reported reminiscence corruption concern (CVE-2021-30807) in July 2021, elevating the likelihood that the 2 flaws could possibly be associated. With the newest repair, the corporate has resolved a report 17 zero-days thus far in 2021 alone —

  • CVE-2021-1782 (Kernel) – A malicious utility could possibly elevate privileges
  • CVE-2021-1870 (WebKit) – A distant attacker could possibly trigger arbitrary code execution
  • CVE-2021-1871 (WebKit) – A distant attacker could possibly trigger arbitrary code execution
  • CVE-2021-1879 (WebKit) – Processing maliciously crafted internet content material could result in common cross-site scripting
  • CVE-2021-30657 (System Preferences) – A malicious utility could bypass Gatekeeper checks
  • CVE-2021-30661 (WebKit Storage) – Processing maliciously crafted internet content material could result in arbitrary code execution
  • CVE-2021-30663 (WebKit) – Processing maliciously crafted internet content material could result in arbitrary code execution
  • CVE-2021-30665 (WebKit) – Processing maliciously crafted internet content material could result in arbitrary code execution
  • CVE-2021-30666 (WebKit) – Processing maliciously crafted internet content material could result in arbitrary code execution
  • CVE-2021-30713 (TCC framework) – A malicious utility could possibly bypass Privateness preferences
  • CVE-2021-30761 (WebKit) – Processing maliciously crafted internet content material could result in arbitrary code execution
  • CVE-2021-30762 (WebKit) – Processing maliciously crafted internet content material could result in arbitrary code execution
  • CVE-2021-30807 (IOMobileFrameBuffer) – An utility could possibly execute arbitrary code with kernel privileges
  • CVE-2021-30858 (WebKit) – Processing maliciously crafted internet content material could result in arbitrary code execution
  • CVE-2021-30860 (CoreGraphics) – Processing a maliciously crafted PDF could result in arbitrary code execution
  • CVE-2021-30869 (XNU) – A malicious utility could possibly execute arbitrary code with kernel privileges

Apple iPhone and iPad customers are extremely beneficial to replace to the newest model (iOS 15.0.2 and iPad 15.0.2) to mitigate the safety vulnerability.



Leave A Reply

Your email address will not be published.