Apple announces that it has fixed a 'zero-day vulnerability that could have been actively exploited' on the iPhone



Apple released the security updates iOS 14.7.1 and iPadOS 14.7.1 on July 26, 2021. In the announcement of the update, Apple revealed the existence of 'reports that this issue may have been actively abused.'

About the security content of iOS 14.7.1 and iPadOS 14.7.1 - Apple Support
https://support.apple.com/en-us/HT212623

Apple releases fix for iOS and macOS zero-day, 13th this year - The Record by Recorded Future
https://therecord.media/apple-releases-fix-for-ios-and-macos-zero-day-13th-this-year/

The update released by Apple on July 26 includes a fix for a bug in a component called 'IOMobileFrameBuffer' in Apple products. Affected devices are iPhone 6s or later, all models of iPad Pro, iPad Air 2 or later, iPad 5th generation or later, iPad mini 4 or later, and iPod touch 7th generation or later.



Regarding this vulnerability, which was assigned the identifier 'CVE-2021-30807', Apple said, 'Applications may be able to execute arbitrary code with kernel privileges. Apple is proactive about this issue. We are aware of reports of possible misuse.'

On the other hand, Apple explained only that a memory corruption issue was resolved with improved memory handling, and did not give details of the specific problem. Those who reported the vulnerability are also listed only as 'anonymous security researchers.'

Shortly after this update was released, security researcher Siddharth Aeri posted proof-of-concept (PoC) code for CVE-2021-30807 on Twitter.



In a blog post, security researcher Saar Amar, who had found the bug four months before the announcement, explained the technical details of the vulnerability and said, 'I've posted this bug in 2021. I was planning to discover it in March and find time in August to submit it to Apple as a high quality bug report, but it has been fixed as an "in the wild" bug in the iOS 14.7.1 patch. I was surprised to see that.'

Security news site The Record said of the update: 'This zero-day vulnerability is likely to be the new exploit that the iOS jailbreak community uses to root the iPhone, but around the world. It's unclear if it has anything to do with the controversial NSO Group, which sells iPhone hacking tools to the government.'

This vulnerability has also been fixed in the macOS Big Sur 11.5.1 update.

in Software, Security, Posted by log1l_ks