Apple releases fix for iOS and macOS zero-day, 13th this year

Apple has released patches today for iOS, iPadOS, and macOS to address a zero-day vulnerability that the company says has been exploited in the wild.

Tracked as CVE-2021-30807, Apple said the zero-day impacts IOMobileFramebuffer, a kernel extension that allows developers to control how a device's memory handles the screen display—the screen framebuffer, to be more exact.

According to Apple, an application may exploit CVE-2021-30807 to execute arbitrary code with kernel privileges on a vulnerable and unpatched device.

Gaining access to kernel privileges effectively gives attackers full control over a device, may it be an iPhone, iPad, or macOS notebook or desktop.

In security advisories for iOS/iPadOS and macOS today, Apple said it was aware of a report that this vulnerability might have been exploited in the wild, but the company did not elaborate.

An Apple spokesperson did not return a request for comment seeking additional details.

Shortly after this article went live, a security researcher published proof-of-concept code for the CVE-2021-30807 vulnerability on their Twitter timeline. A second security researcher, who claims to have found the same bug independently, also published a detailed write-up of the issue, which he said he was preparing to report to Apple before he was surprised to find out today that the OS maker had already patched.

Apple encourages users to update to macOS Big Sur 11.5.1, iOS 14.7.1, and iPadOS 14.7.1, versions it released today to address the CVE-2021-30807 vulnerability.

The updates are available for macOS notebooks and desktops, iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

While there is a pretty solid chance that this "zero-day" might be an new exploit used by the iOS jailbreaking community to root iPhones, it is also unclear if today's zero-day is in any way related to NSO Group, an Israeli company that sells iPhone hacking tools to governments around the world, and who was recently at the center of a large number of investigative reports that have exposed some of its past hacking.

Today's patches mark the 13th zero-day Apple has patched this year. Previous zero-days included:

CVEPatch dateDescription
CVE-2021-1782February 1A zero-day impacting the macOS, iOS, iPadOS, watchOS, and tvOS kernels.
CVE-2021-1870February 1WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS
CVE-2021-1871February 1WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS
CVE-2021-1879March 26WebKit bug impacting both old and new-gen iOS, iPadOS, and watchOS
CVE-2021-30657April 26macOS Gatekeeper bypass abused by Shlayer malware
CVE-2021-30661April 26WebKit zero-day impacting old and new-gen iOS, iPadOS, watchOS, and tvOS.
CVE-2021-30663May 3WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS
CVE-2021-30665May 3WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS
CVE-2021-30666May 3WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS
CVE-2021-30713May 24macOS TCC bypass abused by XCSSET malware
CVE-2021-30761June 14WebKit zero-day impacting old-gen iOS devices
CVE-2021-30762June 14WebKit zero-day impacting old-gen iOS devices

Article updated to add tweet containing PoC exploit.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Catalin Cimpanu

Catalin Cimpanu

is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.