Apple releases fix for iOS and macOS zero-day, 13th this year
Apple has released patches today for iOS, iPadOS, and macOS to address a zero-day vulnerability that the company says has been exploited in the wild.
Tracked as CVE-2021-30807, Apple said the zero-day impacts IOMobileFramebuffer, a kernel extension that allows developers to control how a device's memory handles the screen display—the screen framebuffer, to be more exact.
According to Apple, an application may exploit CVE-2021-30807 to execute arbitrary code with kernel privileges on a vulnerable and unpatched device.
Gaining kernel privileges effectively gives attackers full control over a device, be it an iPhone, iPad, or macOS notebook or desktop.
In security advisories for iOS/iPadOS and macOS today, Apple said it was aware of a report that this vulnerability might have been exploited in the wild, but the company did not elaborate.
An Apple spokesperson did not return a request for comment seeking additional details.
Shortly after this article went live, a security researcher published proof-of-concept code for the CVE-2021-30807 vulnerability on their Twitter timeline. A second security researcher, who claims to have found the same bug independently, also published a detailed write-up of the issue, which he said he was preparing to report to Apple before he was surprised to find out today that the OS maker had already patched it.
Apple encourages users to update to macOS Big Sur 11.5.1, iOS 14.7.1, and iPadOS 14.7.1, versions it released today to address the CVE-2021-30807 vulnerability.
The updates are available for macOS notebooks and desktops, iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
While there is a pretty solid chance that this "zero-day" might be a new exploit used by the iOS jailbreaking community to root iPhones, it is also unclear if today's zero-day is in any way related to NSO Group, an Israeli company that sells iPhone hacking tools to governments around the world and which was recently at the center of a large number of investigative reports that have exposed some of its past hacking.
Today's patches mark the 13th zero-day Apple has patched this year. Previous zero-days included:
CVE | Patch date | Description |
---|---|---|
CVE-2021-1782 | February 1 | A zero-day impacting the macOS, iOS, iPadOS, watchOS, and tvOS kernels. |
CVE-2021-1870 | February 1 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
CVE-2021-1871 | February 1 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
CVE-2021-1879 | March 26 | WebKit bug impacting both old and new-gen iOS, iPadOS, and watchOS |
CVE-2021-30657 | April 26 | macOS Gatekeeper bypass abused by Shlayer malware |
CVE-2021-30661 | April 26 | WebKit zero-day impacting old and new-gen iOS, iPadOS, watchOS, and tvOS. |
CVE-2021-30663 | May 3 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
CVE-2021-30665 | May 3 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
CVE-2021-30666 | May 3 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
CVE-2021-30713 | May 24 | macOS TCC bypass abused by XCSSET malware |
CVE-2021-30761 | June 14 | WebKit zero-day impacting old-gen iOS devices |
CVE-2021-30762 | June 14 | WebKit zero-day impacting old-gen iOS devices |
Article updated to add tweet containing PoC exploit.
Catalin Cimpanu