Zero-Day Apple Vulnerability Under Active Attack

Apple is urging users of iPhones, iPads, and Macs to install the operating system updates it released on Monday, because the iOS and macOS vulnerability those updates correct is now being actively exploited in the wild.

The vulnerability, tracked as CVE-2021-30807, is a memory corruption flaw in the IOMobileFrameBuffer extension used by iOS, iPadOS and macOS. IOMobileFrameBuffer is a kernel extension that manages the screen frame buffer. The flaw can be exploited remotely and allows a threat actor to execute arbitrary code with kernel privileges, giving an attacker full control of a vulnerable device.

The flaw is straightforward to exploit, according to Microsoft Security Response Center researcher Saar Amar. Amar claims to have discovered the vulnerability independently but had not had time to develop an exploit for the flaw in order to make a high-quality submission. He was beaten to submitting the flaw to Apple by an anonymous researcher.

In a recent blog post, Amar said the vulnerability is “in a flow called from the external method 83 of AppleCLCD/IOMFB (which is IOMobileFramebufferUserClient::s_displayed_fb_surface).” Amar said, “Simply calling the external method 83 will do the job (and we can obtain the userclient to AppleCLCD/IOMFB from the app sandbox).”

The latest versions of the operating systems are iOS 14.7, iPadOS 14.7.1 and macOS Big Sur 11.5.1. These releases correct CVE-2021-30807 through improved memory handling. Users should update to these (or later) versions as soon as possible to prevent the flaw from being exploited.
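For anyone checking a fleet against the fixed releases named above, the following is an added example (not code from the article or from Apple) that compares reported OS versions numerically against those thresholds. The version numbers come from the article; the platform labels, the inventory layout and the sample devices are assumptions constructed for the example.

```python
# Added example (not from the article): decide whether a reported Apple OS
# version is at or beyond the release the article names as fixing
# CVE-2021-30807. Version thresholds are the article's; platform labels and
# the inventory format are assumptions made for this example.
import re

# Fixed releases as stated in the article (iOS 14.7, iPadOS 14.7.1,
# macOS Big Sur 11.5.1). Anything at or above these is treated as patched.
FIXED_VERSIONS = {
    "ios": "14.7",
    "ipados": "14.7.1",
    "macos": "11.5.1",
}


def parse_version(version):
    """Turn '14.7.1' into (14, 7, 1); reject anything that is not dotted digits."""
    text = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in text.split("."))


def compare_versions(a, b):
    """Compare dotted versions numerically, padding the shorter one with zeros.

    This makes 14.7 == 14.7.0 and 14.10 > 14.7; a plain string comparison
    would get both of those wrong. Returns -1, 0 or 1.
    """
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def is_patched(platform, version):
    """True if `version` is at or later than the fixed release for `platform`."""
    key = platform.lower()
    if key not in FIXED_VERSIONS:
        raise ValueError(f"unknown platform: {platform!r}")
    return compare_versions(version, FIXED_VERSIONS[key]) >= 0


def unpatched_devices(inventory):
    """Return the ids of inventory entries (dicts) that still need the update."""
    return [d["id"] for d in inventory if not is_patched(d["platform"], d["version"])]


# Constructed sample inventory (not real devices) to exercise the check.
SAMPLE_INVENTORY = [
    {"id": "iphone-01", "platform": "iOS", "version": "14.6"},
    {"id": "iphone-02", "platform": "iOS", "version": "14.7"},
    {"id": "ipad-01", "platform": "iPadOS", "version": "14.7"},
    {"id": "ipad-02", "platform": "iPadOS", "version": "14.7.1"},
    {"id": "mac-01", "platform": "macOS", "version": "11.5"},
    {"id": "mac-02", "platform": "macOS", "version": "11.5.1"},
    {"id": "mac-03", "platform": "macOS", "version": "11.10"},
]

if __name__ == "__main__":
    for device_id in unpatched_devices(SAMPLE_INVENTORY):
        print(f"{device_id}: update required for CVE-2021-30807")
```

The numeric comparison matters because Apple version strings are not fixed-width: "14.7" must count as equal to "14.7.0", and a future "14.10" must sort above "14.7". Devices on an older major release (for example a Mac on 10.15) compare as lower than 11.5.1 and are listed as needing attention, which is the safe default when the article does not say whether earlier release lines received a fix.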

iPhone users still have to wait for a patch to correct a flaw that was exploited to install spyware. The Israeli cybersecurity company NSO Group created Pegasus spyware, which could be installed on iPhone 11 and iPhone 12 devices via SMS, WhatsApp or iMessage attack vectors, or even in a zero-click attack – no user interaction required – by exploiting a software vulnerability. The spyware had been sold to many foreign governments and was used for 24-hour surveillance of key targets such as political activists, opposition party politicians, journalists, businessmen, foreign diplomats, human rights lawyers, and other key figures.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news