Apple Releases Pressing iPhone and iPad Updates to Patch New Zero-Day Vulnerability

Apple Releases Urgent iPhone and iPad Updates to Patch New Zero-Day Vulnerability

Apple on Monday launched a safety replace for iOS and iPad to handle a essential vulnerability that it says is being exploited within the wild, making it the seventeenth zero-day flaw the corporate has addressed in its merchandise for the reason that begin of the 12 months.’

The weak spot, assigned the identifier CVE-2021-30883, issues a reminiscence corruption challenge within the “IOMobileFrameBuffer” element that might enable an software to execute arbitrary code with kernel privileges. Crediting an nameless researcher for reporting the vulnerability, Apple mentioned it is “conscious of a report that this challenge could have been actively exploited.”

Technical specifics in regards to the flaw and the character of the assaults stay unavailable as but, as is the identification of the risk actor, in order to permit a majority of the customers to use the patch and stop different adversaries from weaponizing the vulnerability. The iPhone maker mentioned it addressed the problem with improved reminiscence dealing with.

Automatic GitHub Backups

Safety researcher Saar Amar shared extra particulars, and a proof-of-concept (PoC) exploit, noting that “this assault floor is very fascinating as a result of it is accessible from the app sandbox (so it is nice for jailbreaks) and lots of different processes, making it a superb candidate for LPEs exploits in chains.”

CVE-2021-30883 can also be the second zero-day impacting IOMobileFrameBuffer after Apple addressed an identical, anonymously reported reminiscence corruption challenge (CVE-2021-30807) in July 2021, elevating the likelihood that the 2 flaws may very well be associated. With the newest repair, the corporate has resolved a report 17 zero-days up to now in 2021 alone —

  • CVE-2021-1782 (Kernel) – A malicious software might be able to elevate privileges
  • CVE-2021-1870 (WebKit) – A distant attacker might be able to trigger arbitrary code execution
  • CVE-2021-1871 (WebKit) – A distant attacker might be able to trigger arbitrary code execution
  • CVE-2021-1879 (WebKit) – Processing maliciously crafted net content material could result in common cross-site scripting
  • CVE-2021-30657 (System Preferences) – A malicious software could bypass Gatekeeper checks
  • CVE-2021-30661 (WebKit Storage) – Processing maliciously crafted net content material could result in arbitrary code execution
  • CVE-2021-30663 (WebKit) – Processing maliciously crafted net content material could result in arbitrary code execution
  • CVE-2021-30665 (WebKit) – Processing maliciously crafted net content material could result in arbitrary code execution
  • CVE-2021-30666 (WebKit) – Processing maliciously crafted net content material could result in arbitrary code execution
  • CVE-2021-30713 (TCC framework) – A malicious software might be able to bypass Privateness preferences
  • CVE-2021-30761 (WebKit) – Processing maliciously crafted net content material could result in arbitrary code execution
  • CVE-2021-30762 (WebKit) – Processing maliciously crafted net content material could result in arbitrary code execution
  • CVE-2021-30807 (IOMobileFrameBuffer) – An software might be able to execute arbitrary code with kernel privileges
  • CVE-2021-30858 (WebKit) – Processing maliciously crafted net content material could result in arbitrary code execution
  • CVE-2021-30860 (CoreGraphics) – Processing a maliciously crafted PDF could result in arbitrary code execution
  • CVE-2021-30869 (XNU) – A malicious software might be able to execute arbitrary code with kernel privileges

Apple iPhone and iPad customers are extremely advisable to replace to the newest model (iOS 15.0.2 and iPad 15.0.2) to mitigate the safety vulnerability.



Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts