Apple addressed a security flaw, tracked as CVE-2021-30807, in macOS and iOS that may have been actively exploited to plant malware on vulnerable devices. The vulnerability resides in the IOMobileFramebuffer, which is a kernel extension for managing the screen framebuffer. It is controlled by the user-land framework IOMobileFramework.
The IT giant did not publish details about the attacks or the attackers that exploited the vulnerability.
An attacker could exploit CVE-2021-30807 to execute arbitrary code with kernel privileges on a vulnerable device.
Attackers could exploit the flaw to take full control over a device.
“An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited,” reads the advisory published by Apple.
Apple addressed the memory corruption issue by improving memory handling.
This is the 13th zero-day flaw fixed by Apple this year:
CVE-2021-1782
CVE-2021-1870
CVE-2021-1871
CVE-2021-1879
CVE-2021-30657
CVE-2021-30661
CVE-2021-30663
CVE-2021-30665
CVE-2021-30666
CVE-2021-30713
CVE-2021-30761
CVE-2021-30762
Apple addressed the flaw with the release of macOS Big Sur 11.5.1, iOS 14.7.1, and iPadOS 14.7.1.