Overview
Apple announced new security updates to patch a zero-day vulnerability (CVE-2021-30807) that exists in macOS and iOS/iPadOS.
Description
Apple has released three updates for macOS, iOS and iPadOS to fix a security flaw, tracked as CVE-2021-30807, that stems from improper memory handling in the IOMobileFrameBuffer.
According to the announcement, Apple is aware of a report that the vulnerability may have been actively exploited in the wild. The company also shared that the vulnerability allows an application to execute arbitrary code with kernel privileges.
The flaw is a Local Privilege Escalation vulnerability, i.e., exploitation requires local access. However, exploitation appears to be easy, especially given that a public exploit was shared on GitHub soon after Apple’s announcements.
Currently no further information is available about the vulnerability (CVE-2021-30807).
Impact
A local attacker who successfully exploits CVE-2021-30807 by causing memory corruption in IOMobileFrameBuffer could execute arbitrary code with kernel privileges.
Impact Summary
Category: Local Privilege Escalation
CVSS 3.1 Base Score: N/A
CVSS 3.1 Vector: N/A
Solution (Update)
To defend against possible attacks due to this vulnerability (CVE-2021-30807), Apple released three updates this week: macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1. Affected products need to be updated to the latest versions immediately.
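To find devices that still need the update, an inventory can be compared against the fixed releases listed above. The following is an added example, not code from Apple or from the original advisory; the inventory format, host names and the "unknown" status (used for platforms or older major releases for which this advisory names no fixed build, and for unparseable versions) are assumptions.

```python
# Added example: triage a device inventory against the fixed releases in this advisory.
# First releases containing the CVE-2021-30807 fix, as listed in the advisory.
FIXED = {"macos": (11, 5, 1), "ios": (14, 7, 1), "ipados": (14, 7, 1)}

def parse_version(text):
    """Turn '14.7' or '11.5.1' into a 3-tuple, padding missing parts with 0."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def triage(platform, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one device."""
    fixed = FIXED.get(platform.strip().lower())
    if fixed is None:
        return "unknown"  # platform not covered by this advisory
    try:
        current = parse_version(version)
    except ValueError:
        return "unknown"  # bad inventory data: needs manual review
    if current >= fixed:
        return "patched"
    if current[0] < fixed[0]:
        return "unknown"  # older major release: advisory names no fixed build
    return "vulnerable"

def report(inventory):
    """Map each host name to its triage status."""
    return {host: triage(platform, version) for host, platform, version in inventory}

# Constructed sample inventory (host names are hypothetical).
INVENTORY = [
    ("mac-001", "macOS", "11.5.1"),
    ("mac-002", "macOS", "11.4"),
    ("mac-003", "macOS", "10.15.7"),
    ("iph-001", "iOS", "14.7"),
    ("ipd-001", "iPadOS", "14.7.1"),
    ("iph-002", "iOS", "n/a"),
]

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "unknown" should be reviewed by hand rather than assumed safe.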

References to Advisories, Solutions and Tools
- https://nvd.nist.gov (CVE-2021-30807)
- Apple Security Updates – macOS (CVE-2021-30807)
- Apple Security Updates – iOS and iPadOS (CVE-2021-30807)
- IOMobileFrameBuffer Exploit Information on GitHub