Apple Security Patches has released an urgent update to address a critical zero-day vulnerability that is being exploited in the wild. The vulnerability, tracked as CVE-2021-30807 and affects iOS, iPadOS, and macOS devices. This vulnerability exists due to a memory corruption issue in the IOMobileFrameBuffer component, a kernel extension for managing the screen frame buffer. It allows an attacker to execute arbitrary code with kernel privileges. Also, a vulnerability management tool can remediate this vulnerability.
Apple has released this update at a time when there are reports of a vulnerability in iMessage used by the Pegasus spyware for surveillance on dissidents, activists, human rights lawyers, and opposition politicians using Apple devices. Although the current Apple advisory does not mention this update includes a fix for the iMessage vulnerability also, few researchers believe in this possibility. A patch management solution can fix this vulnerability using a patch.
A long list of Zero-Days
CVE-2021-30807 adds to the long list of zero-days fixed by Apple this year. With most of them exploited in the wild, the list includes
- CVE-2021-1782: Privilege Escalation
- CVE-2021-1870: Arbitrary Code Execution
- CVE-2021-1871: Arbitrary Code Execution
- CVE-2021-1879: Cross-site Scripting
- CVE-2021-30657: Bypass Gatekeeper
- CVE-2021-30661: Arbitrary Code Execution
- CVE-2021-30663: Arbitrary Code Execution
- CVE-2021-30665: Arbitrary Code Execution
- CVE-2021-30666: Arbitrary Code Execution
- CVE-2021-30713: Bypass Privacy Preferences
- CVE-2021-30761: Arbitrary Code Execution
- CVE-2021-30762: Arbitrary Code Execution
Non patched endpoints are advised to deploy patches ASAP.
- iOS before version 14.7.1
- iPadOS before version 14.7.1
- macOS Big Sur before version 11.5.1
A memory corruption issue allows attackers to execute arbitrary code on the affected system.
- iOS 14.7.1
- iPadOS 14.7.1
- macOS Big Sur 11.5.1
SanerNow detects these vulnerabilities and automatically fixes them through patch management by applying security updates. We strongly recommend applying the security updates as soon as possible following the instructions published in our support article.