DIGITAL CONTENT CREATOR

Earlier this week, Apple announced security patches for various weaknesses in iOS, macOS, tvOS, and watchOS, including a remote jailbreak exploit chain and several critical flaws in the Kernel and Safari web browser. These vulnerabilities were initially revealed in October at the International Cyber Security Contest Tianfu Cup in China.

The vulnerability, identified as CVE-2021-30955, could have allowed a malicious program to run arbitrary code with kernel privileges. According to Apple, the problem has been addressed by implementing “improved state handling.” macOS devices are also affected by this issue.

Kunlun Lab’s chief executive, @mj0011sec tweeted:

What Other Vulnerabilities Were Fixed?

According to The Hacker News, in addition to the kernel bug CVE-2021-30955, five Kernel and four IOMobileFrameBuffer (a kernel extension for controlling the screen framebuffer) issues were fixed with the latest patches:

  • CVE-2021-30927 and CVE-2021-30980: A use after free issue that could allow a rogue application to run arbitrary code with kernel privileges.
  • CVE-2021-30937: A memory corruption vulnerability that could allow a rogue application to run arbitrary code with kernel privileges.
  • CVE-2021-30949: A memory corruption issue that could allow a rogue application to run arbitrary code with kernel privileges.
  • CVE-2021-30993: A buffer overflow issue that could allow an attacker in a privileged network position may be able to execute arbitrary code.
  • CVE-2021-30983: A buffer overflow issue that could allow an application to run arbitrary code with kernel privileges.
  • CVE-2021-30985: An out-of-bounds write issue that could allow a rogue application to run arbitrary code with kernel privileges.
  • CVE-2021-30991: An out-of-bounds read issue that could allow a malicious application to run arbitrary code with kernel privileges.
  • CVE-2021-30996: A race condition that could allow a rogue application to run arbitrary code with kernel privileges.

On the macOS front, the tech giant patched a vulnerability in the Wi-Fi module (CVE-2021-30938) that might allow a local user on the system to cause unexpected system shutdown and potentially access kernel information.

According to Google, the issue was reported by Xinru Chi of Pangu Lab.

Apple also patched seven more security weaknesses in the WebKit component, a browser engine developed by Apple that is widely utilized in its Safari web browser as well as all iOS web browsers:

  • CVE-2021-30934,
  • CVE-2021-30936,
  • CVE-2021-30951,
  • CVE-2021-30952,
  • CVE-2021-30953,
  • CVE-2021-30954,
  • CVE-2021-30984.

As explained by The Hacker News, these weaknesses could potentially result in a scenario where processing specially crafted web content may lead to arbitrary code execution.

Apple also fixed a couple of bugs in the Notes and Password Manager applications in iOS that may allow someone with physical access to an iOS device to access contacts from the lock screen and get saved passwords without requiring authentication.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Apple IOS Zero-day Vulnerabilities Running Rampant in 2021

How to Spot and Prevent Apple ID Phishing Scams

Apple Fixes MacOS Vulnerability Exploited by XCSSET Malware

New Malware Targets iOS Developers in Supply-Chain Attack

Is Apple Pay Safe? Answering All Your Questions and More

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP