Apple Urgently Patches Actively Exploited Vulnerabilities

The timing of this Apple’s urgent security update is sure to raise some questions as it’s happening in the same time frame as the Pegasus hacks. According to the reports, the spyware tool turned mobile phones of journalists, activists, and others into portable surveillance devices, granting complete access to sensitive information stored in them. 

The most recent 0-day bug patch that was released this Monday was in the line of 13 releases that Apple has made since the start of this year. Apple has fixed these vulnerabilities for all of their offerings including iOS, iPadOS, and macOS for which Apple claims that the flaw was actively being exploited, until after Apple released the patch. 

The update fixes a memory corruption issue (CVE-2021-30807) in the IOMobileframeBuffer component, which is a kernel extension for managing the screen framebuffer. In essence, the flaw could be abused to execute arbitrary code with kernel privileges. 

Apple claims that in addition to addressing the issue, they have also improved memory handling. Further details about the exploit have not been disclosed to prevent ill-usage of the information for more severe attacks. An anonymous researcher has been credited by Apple for discovering and reporting the vulnerability. 

Here are the other 0-day vulnerabilities that Apple has patched in this year alone including CVE-2021-30807 update —

  • CVE-2021-1782 (Kernel) – A malicious application may be able to elevate privileges
  • CVE-2021-1870 (WebKit) – A remote attacker may be able to cause arbitrary code execution
  • CVE-2021-1871 (WebKit) – A remote attacker may be able to cause arbitrary code execution
  • CVE-2021-1879 (WebKit) – Processing maliciously crafted web content may lead to universal cross-site scripting
  • CVE-2021-30657 (System Preferences) – A malicious application may bypass Gatekeeper checks
  • CVE-2021-30661 (WebKit Storage) – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2021-30663 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2021-30665 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2021-30666 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2021-30713 (TCC framework) – A malicious application may be able to bypass Privacy preferences
  • CVE-2021-30761 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2021-30762 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution

Like any security vulnerability this one is not to be taken lightly considering the threats Apple devices have been exposed to lately. We highly recommend that you move quickly to update your devices to the latest version to avoid exposing your device to attacks associated with the flaw.

About Galaxy

We specialize in delivering end-to-end software design & development services. Our mobile team and UI/UX designers are creative problem-solvers with a decade of experience in all facets of digital and interactive design. We create compelling and human-focused experiences delivered through clean, and minimalist UI. Click here for a free consultation!

By Admin
Share This Story, Choose Your Platform!

Related Posts

CraftCMS Pros and Cons — A Quick Guide

What is CMS (Content Management System)? A content management application used for creating, editing, and publishing content. Allow multiple users …

4 Benefits of Digital Transformation in Healthcare

Technology continues to deliver excellence and performance to modern-day businesses. Enterprises globally are keen to adopt technology to scale their …

Moving Forward in 2022, With a Retrospect on 2021!

With a commitment to vaccines and the hope of smiling without face masks, 2021 was indeed a year to remember. …

5 Steps for Effective Performance Testing: A Practical Guide

Applications are becoming increasingly complex and with a reduced development cycle. This necessitates the adoption of new, agile development and …

Like our blogs? Get the latest ones directly in your inbox