Apple Urgently Patches Actively Exploited Vulnerabilities
The timing of this Apple’s urgent security update is sure to raise some questions as it’s happening in the same time frame as the Pegasus hacks. According to the reports, the spyware tool turned mobile phones of journalists, activists, and others into portable surveillance devices, granting complete access to sensitive information stored in them.
The most recent 0-day bug patch that was released this Monday was in the line of 13 releases that Apple has made since the start of this year. Apple has fixed these vulnerabilities for all of their offerings including iOS, iPadOS, and macOS for which Apple claims that the flaw was actively being exploited, until after Apple released the patch.
The update fixes a memory corruption issue (CVE-2021-30807) in the IOMobileframeBuffer component, which is a kernel extension for managing the screen framebuffer. In essence, the flaw could be abused to execute arbitrary code with kernel privileges.
Apple claims that in addition to addressing the issue, they have also improved memory handling. Further details about the exploit have not been disclosed to prevent ill-usage of the information for more severe attacks. An anonymous researcher has been credited by Apple for discovering and reporting the vulnerability.
Here are the other 0-day vulnerabilities that Apple has patched in this year alone including CVE-2021-30807 update —
- CVE-2021-1782 (Kernel) – A malicious application may be able to elevate privileges
- CVE-2021-1870 (WebKit) – A remote attacker may be able to cause arbitrary code execution
- CVE-2021-1871 (WebKit) – A remote attacker may be able to cause arbitrary code execution
- CVE-2021-1879 (WebKit) – Processing maliciously crafted web content may lead to universal cross-site scripting
- CVE-2021-30657 (System Preferences) – A malicious application may bypass Gatekeeper checks
- CVE-2021-30661 (WebKit Storage) – Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2021-30663 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2021-30665 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2021-30666 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2021-30713 (TCC framework) – A malicious application may be able to bypass Privacy preferences
- CVE-2021-30761 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2021-30762 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
Like any security vulnerability this one is not to be taken lightly considering the threats Apple devices have been exposed to lately. We highly recommend that you move quickly to update your devices to the latest version to avoid exposing your device to attacks associated with the flaw.
We specialize in delivering end-to-end software design & development services. Our mobile team and UI/UX designers are creative problem-solvers with a decade of experience in all facets of digital and interactive design. We create compelling and human-focused experiences delivered through clean, and minimalist UI. Click here for a free consultation!
About Galaxy WeblinksWe specialize in human-centric user experience design services to our clients across the globe. Our innovative ideas, creative designs, industry best practices, and processes help us improve user satisfaction and solve complex design problems. Contact us for a free consultation!
Developing apps for iOS and Android using one code base is a tempting proposition. With the introduction of React Na...
You‘re done with the various stages of development of your app and now are getting ready for deployment and a flashy...
A majority of people conduct their business on their smartphones. Moving to mobile is thus a smart way to reach your...
No software is perfect, just like humans. But the pursuit of perfection is not futile. If you look around the web y...
Apple in its annual WWDC made some game changing announcements like a new Mac Pro, an exclusive OS for iPad, iOS 13 r...