D2
Администратор
- Регистрация
- 19 Фев 2025
- Сообщения
- 4,380
- Реакции
- 0
Using the vulnerability, the malicious application can perform arbitrary code on the device with the privileges of the kernel.
Apple has released corrections for the zero day vulnerability in iOS, iPados and MacOS, already operating in real hacker attacks.
Vulnerability (CVE-2021-30807) affects iomobileFramebuffer - the extension of the kernel that allows developers to control how the device's memory supports a frameBuer (memory area for short-term storage of one or more frames in digital form before sending it to the device).
Using the vulnerability, the malicious application can perform arbitrary code on the device with the privileges of the kernel. The privileges of the kernel give an attacker the opportunity to get complete control over a vulnerable device, be it iPhone, iPad, laptop or computer running MacOS.
According to Apple's notification of security for IOS / iOS / iPados and MacOS, the company knows that the aforementioned vulnerability could have already been operated by hackers, but it did not provide any details.
One of the security researchers published on Twitter POC-Explit for vulnerability. Another researcher who said that discovered this vulnerability regardless of others, published a detailed description of the problem. According to him, he was going to provide his report on the vulnerability of Apple, but she was ahead of him by releasing the patch. Users are highly recommended to update their devices to MacOS Big Sur 11.5.1, iOS 14.7.1 and iPados 14.7.1, in which CVE-2021-30807 has already been fixed. Updates are available for MacOS computers and laptops, as well as for iPhone 6S and later models, iPad Pro (all models), iPad Air 2 and later, fifth generation iPad and later, iPad mini 4 and later and iPod Touch (seventh generation). This is already the thirteenth vulnerability of the zero day, corrected by Apple this year.
https://www.securitylab.ru/news/522722.php
Apple has released corrections for the zero day vulnerability in iOS, iPados and MacOS, already operating in real hacker attacks.
Vulnerability (CVE-2021-30807) affects iomobileFramebuffer - the extension of the kernel that allows developers to control how the device's memory supports a frameBuer (memory area for short-term storage of one or more frames in digital form before sending it to the device).
Using the vulnerability, the malicious application can perform arbitrary code on the device with the privileges of the kernel. The privileges of the kernel give an attacker the opportunity to get complete control over a vulnerable device, be it iPhone, iPad, laptop or computer running MacOS.
According to Apple's notification of security for IOS / iOS / iPados and MacOS, the company knows that the aforementioned vulnerability could have already been operated by hackers, but it did not provide any details.
One of the security researchers published on Twitter POC-Explit for vulnerability. Another researcher who said that discovered this vulnerability regardless of others, published a detailed description of the problem. According to him, he was going to provide his report on the vulnerability of Apple, but she was ahead of him by releasing the patch. Users are highly recommended to update their devices to MacOS Big Sur 11.5.1, iOS 14.7.1 and iPados 14.7.1, in which CVE-2021-30807 has already been fixed. Updates are available for MacOS computers and laptops, as well as for iPhone 6S and later models, iPad Pro (all models), iPad Air 2 and later, fifth generation iPad and later, iPad mini 4 and later and iPod Touch (seventh generation). This is already the thirteenth vulnerability of the zero day, corrected by Apple this year.
https://www.securitylab.ru/news/522722.php