Zero-Day Vulnerability in macOS and iOS (CVE-2021-30807)

Contents of The Article hide

5 References to Advisories, Solutions and Tools

Overview

Apple announced new security updates to patch for a zero-day vulnerability (CVE-2021-30807) that exist in macOS and iOS/iPadOS.

Description

Apple has released three updates for macOS, iOS and iPadOS to fix a security flaw, tracked as CVE-2021-30807, that stems from improper memory handling in the IOMobileFrameBuffer.

According to the announcement, Apple is aware of a report that the vulnerability may have been actively exploited in the wild. The company also shared that the vulnerability allows an application to be able to execute arbitrary code with kernel privileges.

The flaw is a Local Privilege Escalation vulnerability, i.e., it requires local access for the exploitation. However, the exploitation appears to be easy, especially given the fact that a public exploit has already been shared on GitHub soon after the Apple’s announcements.

Currently no further information is available about the vulnerability (CVE-2021-30807).

Impact

A local attacker who successfully exploits the CVE-2021-30807 by causing memory corruption in IOMobileFrameBuffer could execute arbitrary code with kernel privileges.

Impact Summary

Category: Local Privilege Escalation
CVSS 3.1 Base Score: N/A
CVSS 3.1 Vector: N/A

Solution (Update)

To defend against possible attacks due to this vulnerability (CVE-2021-30807), Apple released three updates this week: macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1. Affected products needs to be updated to the latest versions immediately.

Quote by Dan Farmer — Quote by *Dan Farmer*

If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders.
Dan Farmer

Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.

References to Advisories, Solutions and Tools

https://nvd.nist.gov (CVE-2021-30807)
Apple Security Updates – macOS (CVE-2021-30807)
Apple Security Updates – iOS and iPadOS (CVE-2021-30807)
IOMobileFrameBuffer Exploit Information on GitHub

To learn more about security vulnerabilities, you could also read our articles What is a Security Vulnerability? or What is Vulnerability Scanning?

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Zero-Day Vulnerability in macOS and iOS (CVE-2021-30807)

Overview

Description

Impact

Solution (Update)

References to Advisories, Solutions and Tools

Zero-Day Vulnerabilities in Google Chrome in 2022

Microsoft Patches 55 CVEs and 6 Zero-Days with November 2021 Updates

Static SSH Keys Vulnerability in Cisco Policy Suite (CVE-2021-40119)

Multiple Vulnerabilities on Cisco Catalyst PON Series Switches (CVE-2021-34795, CVE-2021-40113)

Google Patches 2 Zero-Days in Chrome Browser (CVE-2021-38000, CVE-2021-38003)

Adblock Detected!

Please consider allowing adds to support our free services.