Zero-Day Vulnerability in macOS and iOS (CVE-2021-30807)

Contents of The Article hide

5 References to Advisories, Solutions and Tools

Overview

Apple announced new security updates to patch for a zero-day vulnerability (CVE-2021-30807) that exist in macOS and iOS/iPadOS.

Description

Apple has released three updates for macOS, iOS and iPadOS to fix a security flaw, tracked as CVE-2021-30807, that stems from improper memory handling in the IOMobileFrameBuffer.

According to the announcement, Apple is aware of a report that the vulnerability may have been actively exploited in the wild. The company also shared that the vulnerability allows an application to be able to execute arbitrary code with kernel privileges.

The flaw is a Local Privilege Escalation vulnerability, i.e., it requires local access for the exploitation. However, the exploitation appears to be easy, especially given the fact that a public exploit has already been shared on GitHub soon after the Apple’s announcements.

Currently no further information is available about the vulnerability (CVE-2021-30807).

Impact

A local attacker who successfully exploits the CVE-2021-30807 by causing memory corruption in IOMobileFrameBuffer could execute arbitrary code with kernel privileges.

Impact Summary

Category: Local Privilege Escalation
CVSS 3.1 Base Score: N/A
CVSS 3.1 Vector: N/A

Solution (Update)

To defend against possible attacks due to this vulnerability (CVE-2021-30807), Apple released three updates this week: macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1. Affected products needs to be updated to the latest versions immediately.

Quote by Dan Farmer — Quote by *Dan Farmer*

If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders.
Dan Farmer

Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.