iphone-ios

Apple releases fix for iOS and macOS zero-day, 13th this year

Apple has released patches today for iOS, iPadOS, and macOS to address a zero-day vulnerability that the company says has been exploited in the wild.

Tracked as CVE-2021-30807, Apple said the zero-day impacts IOMobileFramebuffer, a kernel extension that allows developers to control how a device's memory handles the screen display—the screen framebuffer, to be more exact.

According to Apple, an application may exploit CVE-2021-30807 to execute arbitrary code with kernel privileges on a vulnerable and unpatched device.

Gaining access to kernel privileges effectively gives attackers full control over a device, may it be an iPhone, iPad, or macOS notebook or desktop.

In security advisories for iOS/iPadOS and macOS today, Apple said it was aware of a report that this vulnerability might have been exploited in the wild, but the company did not elaborate.

An Apple spokesperson did not return a request for comment seeking additional details.

Shortly after this article went live, a security researcher published proof-of-concept code for the CVE-2021-30807 vulnerability on their Twitter timeline. A second security researcher, who claims to have found the same bug independently, also published a detailed write-up of the issue, which he said he was preparing to report to Apple before he was surprised to find out today that the OS maker had already patched.

https://twitter.com/b1n4r1b01/status/1419734027565617165

Apple encourages users to update to macOS Big Sur 11.5.1, iOS 14.7.1, and iPadOS 14.7.1, versions it released today to address the CVE-2021-30807 vulnerability.

The updates are available for macOS notebooks and desktops, iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

While there is a pretty solid chance that this "zero-day" might be an new exploit used by the iOS jailbreaking community to root iPhones, it is also unclear if today's zero-day is in any way related to NSO Group, an Israeli company that sells iPhone hacking tools to governments around the world, and who was recently at the center of a large number of investigative reports that have exposed some of its past hacking.

Today's patches mark the 13th zero-day Apple has patched this year. Previous zero-days included:

CVEPatch dateDescription
CVE-2021-1782February 1A zero-day impacting the macOS, iOS, iPadOS, watchOS, and tvOS kernels.
CVE-2021-1870February 1WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS
CVE-2021-1871February 1WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS
CVE-2021-1879March 26WebKit bug impacting both old and new-gen iOS, iPadOS, and watchOS
CVE-2021-30657April 26macOS Gatekeeper bypass abused by Shlayer malware
CVE-2021-30661April 26WebKit zero-day impacting old and new-gen iOS, iPadOS, watchOS, and tvOS.
CVE-2021-30663May 3WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS
CVE-2021-30665May 3WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS
CVE-2021-30666May 3WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS
CVE-2021-30713May 24macOS TCC bypass abused by XCSSET malware
CVE-2021-30761June 14WebKit zero-day impacting old-gen iOS devices
CVE-2021-30762June 14WebKit zero-day impacting old-gen iOS devices

Article updated to add tweet containing PoC exploit.

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.

No previous article
No new articles