Apple patches yet one more zero-day vulnerability in its code.
Apple users should take a fast glimpse at their notification area for a critical security update pushed to survive July 26, 2021. The unscheduled security update patches a zero-day vulnerability under active exploitation, covering iOS, iPadOS, and macOS.
The latest critical security update delivered by Apple comes just weeks after an identical issue. Therein case, the patch fixed quite 30 different security issues and comes when it appears Apple is playing vulnerability whack-a-mole.
Indeed, several zero-day exploits are disclosed this year alone, although not all vulnerabilities affect all of Apple’s operating systems.
Apple: Patch Your Devices Immediately
The vulnerability at the route of the difficulty, CVE-2021-30807, exploits a vulnerability within the iGiant IOMobileFrameBuffer and, if abused, could allow an attacker to run malicious code on the target device.
Although the identity of the safety researcher who uncovered the vulnerability is unknown, a security researcher posted a proof-of-concept for the exploit on Twitter.
CVE-2021-30807 POC:
int main(){
io_service_t s = IOServiceGetMatchingService(0, IOServiceMatching("AppleCLCD"));
io_connect_t c;
IOServiceOpen(s,mach_task_self(),0,&c);
uint64_t a[1] = {0xFFFFFFFF};
uint64_t b[1] = {0};
uint32_t o = 1;
IOConnectCallScalarMethod(c,83,a,1,b,&o);
}— binaryboy (@b1n4r1b01) July 26, 2021
Furthermore, a second security researcher, Saar Armar, claims to possess found the kernel exploit separately. After Apple issued iOS 14.7.1 to patch the vulnerability, the researcher “was surprised” to seek out the exploit not active and decided to write down up his research detailing the difficulty.
But while Apple did reveal that the zero-day vulnerability was under active exploitation, it didn’t allude to whom could also be exploiting it or the number of potential attacks concerning this issue.
Who Will the Vulnerability Affect?
As Apple appears to possess moved swiftly on patching this zero-day exploit, the number of victims will remain unknown. The important thing is to see your system updates and install any pending updates.
On iOS & iPadOS:
- Head to Settings > General > Software Update
- Tap Download and Install
On macOS:
- Head to Apple menu
- Click Software Update
- Click Update Now
You may need to restart your device after installing the update.
What Is a Zero-Day Vulnerability?
A zero-day exploit may be a previously unreleased security vulnerability an attacker uses to breach a site, service, or otherwise. because the security and tech companies are unaware of its existence, it remains unpatched and vulnerable.
In this case, a security researcher discovered a vulnerability affecting each of Apple’s operating systems that, if exploited, would allow the attacker to run code as if it were the device user. When that happens, the attacker can run malicious code to steal data, credentials, and more, which is why Apple pushed a fix for the difficulty live as quickly as possible.
Although zero-day vulnerabilities are new and unexpected exploits found in existing code, keeping your device up so far is usually the most straightforward option.
