Article 5MP95 Apple Patches Zero-Day Vulnerability in iOS, iPadOS, macOS Under Active Attack

by martyb from SoylentNews on (#5MP95)

upstart writes:

Apple patches zero-day vulnerability in iOS, iPadOS, macOS under active attack:

Apple on Monday patched a zero-day vulnerability in its iOS, iPadOS, and macOS operating systems, only a week after issuing a set of OS updates addressing about three dozen other flaws.

The bug, CVE-2021-30807, was found in the iGiant's IOMobileFrameBuffer code, a kernel extension for managing the screen frame buffer that could be abused to run malicious code on the affected device.

CVE-2021-30807, credited to an anonymous researcher, has been addressed by undisclosed but purportedly improved memory handling code.

"An application may be able to execute arbitrary code with kernel privileges," the iDevice maker said in one of its duplicative advisories. "Apple is aware of a report that this issue may have been actively exploited."

Apple did not, however, say who might be involved in the exploitation of this bug. Nor did the company respond to a query about whether the bug has been exploited by NSO Group's Pegasus surveillance software.

[...] Shortly after Apple's advisory was published, PoC exploit code was posted via Twitter
