Apple fixes zero-day vulnerability in iOS, iPadOS, macOS under active attack • The Register

Apple on Monday fixed a zero-day vulnerability in its iOS, iPadOS and macOS operating systems, just a week after releasing a set of operating system updates that fixed around three dozen other flaws.

The bug, CVE-2021-30807, was found in the iGiant’s IOMobileFrameBuffer, a kernel extension that handles the screen frame buffer, and could be abused to execute malicious code on the affected device.

CVE-2021-30807, attributed to an anonymous researcher, was addressed with undisclosed but allegedly improved memory management code.

“An application may be able to execute arbitrary code with kernel privileges,” the iDevice maker said in one of its duplicate notices. “Apple is aware of a report that this issue may have been actively exploited.”

Apple has not, however, specified who could be involved in the exploitation of this bug. The company also did not respond to a question about whether the bug was exploited by NSO Group’s Pegasus monitoring software.

Last week, Amnesty International and the media advocacy group Forbidden Stories published a series of articles titled Pegasus Project detailing how NSO’s software was used to spy on politicians, journalists and political activists.

The groups said they found evidence that “zero-click Pegasus attacks were used to install spyware on iPhones.” Specifically, they said the software was used to attack iMessage on the iPhone 11 and 12.

Shortly after the publication of Apple’s notice, proof-of-concept exploit code was posted via Twitter.

In addition, security researcher Saar Amar noted he had identified the flaw four months ago and had not reported it, as he intended to work on developing a high-quality bug submission next month. But seeing that the flaw was disclosed, he published an article about his findings.

IOMobileFrameBuffer has provided a way into Apple's software several times over the past decade. Presumably, the Cupertino coders will take a closer look at the software to see if there is anything else they missed. ®
