Yesterday, Apple has released patches for iPhones, iPads, and Macs to tackle a zero-day vulnerability that the organization states has been exploited in the wild and could enable cybercriminals to take over a device.
What Is a Zero-Day Vulnerability?
As my colleague Cezarina has already explained in her article – What Is a Zero-Day Vulnerability? , the term “Zero-day” is an imaginative time, as this type of cyberattack happens in less than a day since the awareness of the security flaw. Thereby, not giving developers ample time to eradicate or mitigate the potential risks associated with this vulnerability. In zero-day attacks, software vendors are reactive, not proactive. Therefore, since patches have not yet been released, the attackers are already making their move.
A zero-day attack occurs when hackers exploit a vulnerability window and then launch a direct attack using that vulnerability. What makes zero-day exploits so dangerous is that the only ones who know about them are the attackers themselves. Hackers can attack immediately or take advantage of their weakness, waiting for the right moment to strike.
According to Apple, the vulnerability, tracked as CVE-2021-30807 affects IOMobileFramebuffer, a kernel extension that enables developers to control how a device’s memory handles the screen display.
Apple has fixed the vulnerability, that allows applications to perform arbitrary code with kernel privileges on a vulnerable and unpatched device, by improving memory handling in iOS 14.7.1, iPadOS 14.7.1, and macOS Big Sur 11.5.1.
According to the outlet, obtaining access to kernel privileges gives cyber criminals complete control of a device.
In security advisories published yesterday, Apple stated it was aware that this vulnerability might have been exploited in the wild, but the tech giant did not give more details.
While there is a possibility that this zero-day vulnerability might be a new exploit used by the iOS jailbreaking community to root iPhones, it is also not clear if today’s zero-day is in any way linked to NSO Group, an Israeli company that sells iPhone hacking tools to governments all over the world.
Today’s update reportedly marks the 13th zero-day patch Apple has launched so far in 2021. Previous zero-days included:
| CVE | Patch date | Description |
|---|---|---|
| CVE-2021-1782 | February 1 | A zero-day impacting the macOS, iOS, iPadOS, watchOS, and tvOS kernels |
| CVE-2021-1870 | February 1 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-1871 | February 1 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-1879 | March 26 | WebKit bug impacting both old and new-gen iOS, iPadOS, and watchOS |
| CVE-2021-30657 | April 26 | macOS Gatekeeper bypass abused by Shlayer malware |
| CVE-2021-30661 | April 26 | WebKit zero-day impacting old and new-gen iOS, iPadOS, watchOS, and tvOS. |
| CVE-2021-30663 | May 3 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-30665 | May 3 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-30666 | May 3 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-30713 | May 24 | macOS TCC bypass abused by XCSSET malware |
| CVE-2021-30761 | June 14 | WebKit zero-day impacting old-gen iOS devices |
| CVE-2021-30762 | June 14 | WebKit zero-day impacting old-gen iOS devices |
Apple is urging its customers to update to the macOS Big Sur 11.5.1, iOS 14.7.1, and iPadOS 14.7.1 versions it released yesterday to address the bug.
The updates are available for macOS notebooks and desktops, iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).