Apple Patches Another High Severity Zero-Day Flaw Exploited in the Wild
Apple has released an urgent update to address a critical zero-day vulnerability that is being exploited in the wild. The vulnerability is tracked as CVE-2021-30807 and affects iOS, iPadOS, and macOS devices. This vulnerability exists due to a memory corruption issue in the IOMobileFrameBuffer component, a kernel extension for managing the screen framebuffer. It allows an attacker to execute arbitrary code with kernel privileges.
Apple has released this update at a time when there are reports of a vulnerability in iMessage used by the Pegasus spyware for surveillance on dissidents, activists, human rights lawyers, and opposition politicians using Apple devices. Although the current Apple advisory does not mention this update includes a fix for the iMessage vulnerability also, few researchers believe in this possibility.
Discover more from Chad M. Barr
Subscribe to get the latest posts sent to your email.