Zero-Day Bug Patch for Mac iPhone and Ipad Devices Released by Apple_TechnoidHost
Reading Time: 2 minutes

Zero-Day bug patch for Mac, iPhone, and Ipad devices released by Apple. The flaw is being actively exploited and it is the 13th vulnerability patched this year by Apple.

Earlier Apple released iOS 14.7, iPad OS 14.7, and macOS Big Sur 11.5 to the public. The latest updates will fix the memory corruption issue (CVE-2021-30807) present in the IOMobileFrameBuffer component. It is a kernel extension used to manage screen framebuffer. It can be abused to execute arbitrary code with kernel privileges.

Apple has credited the discovery and reporting of the vulnerability to an anonymous researcher. The company said the patch will improve memory handling, though did not mention anything about the issue the vulnerability may have actively exploited. The additional details about the flaw may have been withheld to prevent further weaponization of the vulnerability and launch of new attacks.

Pegasus software exploited by the NSO Group has also been in news, the timing of the current update raises eyebrows if these vulnerabilities were exploited by them.

Zero-Day Vulnerabilities Apple Addressed this Year

  • CVE-2021-1782 (Kernel) – A malicious application may be able to elevate privileges
  • CVE-2021-1870 (WebKit) – A remote attacker may be able to cause arbitrary code execution
  • CVE-2021-1871 (WebKit) – A remote attacker may be able to cause arbitrary code execution
  • CVE-2021-1879 (WebKit) – Processing maliciously crafted web content may lead to universal cross-site scripting
  • CVE-2021-30657 (System Preferences) – A malicious application may bypass Gatekeeper checks
  • CVE-2021-30661 (WebKit Storage) – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2021-30663 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2021-30665 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2021-30666 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2021-30713 (TCC framework) – A malicious application may be able to bypass Privacy preferences
  • CVE-2021-30761 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2021-30762 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution

It is highly recommended Apple users quickly update their devices to the latest version to stay clear of the risk associated with the flaw.

Related Articles:

Philips Vue PACS Medical Imaging Systems are Vulnerable to Hackers Latest Google Scorecards Tool Scans Open-Source Software For More Security Risks DoubleVPN Service Used by Cybercriminals Seized by Authorities

Published on: Jul 27, 2021 at 11:09 Edit

 

catgory hacking

tags Apple , cybersecurity