Apple actively fixes attacked zero-day leak in iOS, iPadOS and macOS

Apple has released a security update for iOS, iPadOS and macOS that fixes an actively attacked zero-day vulnerability, the tech company said. The vulnerability, designated CVE-2021-30807, resides in IOMobileFramebuffer, a kernel extension that allows developers to control how system memory is used for screen display.

The now-fixed vulnerability in the component allows an application to execute arbitrary code with kernel privileges. Now released iOS 14.7.1, iPadOS 14.7.1 and macOS Big Sur 11.5.1 to fix the issue. Updating can be done via the automatic update function and in the case of iOS and iPadOS also via iTunes.

The vulnerability was reported to Apple by an anonymous security researcher. The company has fixed 13 actively targeted zero-day vulnerabilities in iOS and macOS in recent months. Below the overview:

  • CVE-2021-1782 - iOS-kernel
  • CVE-2021-1870 - WebKit
  • CVE-2021-1871 - WebKit
  • CVE-2021-1879 - WebKit
  • CVE-2021-30657 - Gatekeeper
  • CVE-2021-30661 - WebKit
  • CVE-2021-30663 - WebKit
  • CVE-2021-30665 - WebKit
  • CVE-2021-30666 - WebKit
  • CVE-2021-30713 - TCC
  • CVE-2021-30761 - WebKit
  • CVE-2021-30762 - WebKit
  • CVE-2021-30807 - IOMobileFrameBuffer

Previous Post Next Post