Colin Mc Hugo

0 %
Colin Mc Hugo
Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.
  • Residence:
    Dublin
  • County:
    Dublin
  • Country:
    Ireland
Cyber Security Incident Response
Management & Architecture of Cyber Security Teams
Solutions & Coaching
  • Cyber Security Incident Response
  • Management & Architecture of Cyber Security Teams
  • Solutions
  • Training & Coaching

Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices

July 27, 2021

Apple on Monday rolled out an pressing safety replace for iOS, iPadOS, and macOS to deal with a zero-day flaw that it mentioned could have been actively exploited, making it the thirteenth such vulnerability Apple has patched because the begin of this yr.

The updates, which arrive lower than every week after the corporate launched iOS 14.7, iPadOS 14.7, and macOS Massive Sur 11.5 to the general public, fixes a reminiscence corruption challenge (CVE-2021-30807) within the IOMobileFrameBuffer part, a kernel extension for managing the display screen framebuffer, that could possibly be abused to execute arbitrary code with kernel privileges.

The corporate mentioned it addressed the problem with improved reminiscence dealing with, noting it is “conscious of a report that this challenge could have been actively exploited.” As is often the case, extra particulars concerning the flaw haven’t been disclosed to stop the weaponization of the vulnerability for added assaults. Apple credited an nameless researcher for locating and reporting the vulnerability.

Stack Overflow Teams

The timing of the replace additionally raises questions on whether or not the zero-day had any position in compromising iPhones utilizing NSO Group’s Pegasus software, which has grow to be the main focus of a collection of investigative reports which have uncovered how the spy ware device turned cellphones of journalists, human rights activists, and others into transportable surveillance gadgets, granting full entry to delicate info saved in them.

CVE-2021-30807 can be the thirteenth zero-day vulnerability addressed by Apple this yr alone, together with —

  • CVE-2021-1782 (Kernel) – A malicious software could possibly elevate privileges
  • CVE-2021-1870 (WebKit) – A distant attacker could possibly trigger arbitrary code execution
  • CVE-2021-1871 (WebKit) – A distant attacker could possibly trigger arbitrary code execution
  • CVE-2021-1879 (WebKit) – Processing maliciously crafted internet content material could result in common cross-site scripting
  • CVE-2021-30657 (System Preferences) – A malicious software could bypass Gatekeeper checks
  • CVE-2021-30661 (WebKit Storage) – Processing maliciously crafted internet content material could result in arbitrary code execution
  • CVE-2021-30663 (WebKit) – Processing maliciously crafted internet content material could result in arbitrary code execution
  • CVE-2021-30665 (WebKit) – Processing maliciously crafted internet content material could result in arbitrary code execution
  • CVE-2021-30666 (WebKit) – Processing maliciously crafted internet content material could result in arbitrary code execution
  • CVE-2021-30713 (TCC framework) – A malicious software could possibly bypass Privateness preferences
  • CVE-2021-30761 (WebKit) – Processing maliciously crafted internet content material could result in arbitrary code execution
  • CVE-2021-30762 (WebKit) – Processing maliciously crafted internet content material could result in arbitrary code execution

Given the public availability of a proof-of-concept (PoC) exploit, it is extremely really helpful that customers transfer shortly to replace their gadgets to the most recent model to mitigate the chance related to the flaw.

Posted in SecurityTags:
Write a comment