Heimdal

Yesterday, Apple released patches for iPhones, iPads, and Macs to tackle a zero-day vulnerability that the organization states has been exploited in the wild and could enable cybercriminals to take over a device.

What Is a Zero-Day Vulnerability?

As my colleague Cezarina has already explained in her article, What Is a Zero-Day Vulnerability?, the term “zero-day” refers to an imaginary point in time: this type of cyberattack happens less than a day after the security flaw becomes known, which does not give developers ample time to eradicate or mitigate the potential risks associated with the vulnerability. In zero-day attacks, software vendors are reactive, not proactive. Since patches have not yet been released, the attackers are already making their move.

A zero-day attack occurs when hackers exploit a vulnerability window and then launch a direct attack using that vulnerability. What makes zero-day exploits so dangerous is that the only ones who know about them are the attackers themselves. Hackers can attack immediately or hold on to the weakness and wait for the right moment to strike.

According to Apple, the vulnerability, tracked as CVE-2021-30807, affects IOMobileFramebuffer, a kernel extension that enables developers to control how a device’s memory handles the screen display.

Apple has fixed the vulnerability, which allows applications to execute arbitrary code with kernel privileges on a vulnerable and unpatched device, by improving memory handling in iOS 14.7.1, iPadOS 14.7.1, and macOS Big Sur 11.5.1.

According to the outlet, obtaining access to kernel privileges gives cyber criminals complete control of a device.

In security advisories published yesterday, Apple stated it was aware that this vulnerability might have been exploited in the wild, but the tech giant did not give more details.

While it is possible that this zero-day vulnerability is a new exploit used by the iOS jailbreaking community to root iPhones, it is also not clear whether today’s zero-day is in any way linked to NSO Group, an Israeli company that sells iPhone hacking tools to governments all over the world.

Today’s update reportedly marks the 13th zero-day patch Apple has launched so far in 2021. Previous zero-days included:

| CVE | Patch date | Description |
| --- | --- | --- |
| CVE-2021-1782 | February 1 | A zero-day impacting the macOS, iOS, iPadOS, watchOS, and tvOS kernels |
| CVE-2021-1870 | February 1 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-1871 | February 1 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-1879 | March 26 | WebKit bug impacting both old and new-gen iOS, iPadOS, and watchOS |
| CVE-2021-30657 | April 26 | macOS Gatekeeper bypass abused by Shlayer malware |
| CVE-2021-30661 | April 26 | WebKit zero-day impacting old and new-gen iOS, iPadOS, watchOS, and tvOS |
| CVE-2021-30663 | May 3 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-30665 | May 3 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-30666 | May 3 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-30713 | May 24 | macOS TCC bypass abused by XCSSET malware |
| CVE-2021-30761 | June 14 | WebKit zero-day impacting old-gen iOS devices |
| CVE-2021-30762 | June 14 | WebKit zero-day impacting old-gen iOS devices |

Apple is urging its customers to update to the macOS Big Sur 11.5.1, iOS 14.7.1, and iPadOS 14.7.1 versions it released yesterday to address the bug.

The updates are available for macOS notebooks and desktops, iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Author Profile

Antonia Din

PR & Video Content Manager

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

Comments

Thank you for your information.
I have been retired for 20 years and have not dealt with PCs and data technology for a long time, so I lack the competence to comment here. I first have to read up on it again.
Kind regards, Klaus Rathmann
