Apple Release Zero-Day Vulnerabilities Patch for its Devices
This is the 13th zero-day vulnerability that Apple has patched since the beginning of the year. On Monday, the company released an urgent security update for iOS, iPadOS, and macOS to handle the issue.
The updates address a memory corruption vulnerability (CVE-2021-30807) in the IOMobileFrameBuffer component, a kernel extension for controlling the screen framebuffer, that could be exploited to execute arbitrary code with kernel privileges. They come less than a week after the company made iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 available to the general public.
The business stated that it improved memory management to handle the problem, adding that it is “aware of an allegation that this issue may have been actively exploited.” As is customary, more information about the flaw has not been made public in order to stop it from being used as a weapon in future assaults. Apple acknowledged a researcher who wishes to remain unnamed for finding and disclosing the vulnerability.
Brief Description of the Zero-day vulnerabilities
Zero-days are vulnerabilities that are discovered and either actively leaked or exploited before the responsible vendor has had a chance to release a patch fixing the flaw. A single zero-day often sells for $1 million or more. To protect their investment, attackers who have access to zero-days typically work for nation-states or other organizations with deep pockets and exploit the vulnerabilities in highly targeted campaigns. Once the vendor learns of the zero-day, they are usually patched quickly, causing the value of the exploit to plummet.
The economics make it highly unlikely that most people have been targeted by this vulnerability. Now that a patch is available, however, other attackers will have the opportunity to reverse-engineer it to create their own exploits for use against unpatched devices. Affected users—including those using iPhone 8 and later, iPad Pros, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later—should ensure they’re running iOS 16.1 or iPadOS 16.
Get Legit Cash App Money Transfer Now
What you can achieve with our Cashapp transfer service is unlimited unless you don’t know how to do business or probably spend money.
WHAT DETAILS DO WE NEED FROM YOU TO COMPLETE TRANSACTION?
- Cashtag $name
- Cashapp Email
- Cashapp Account Holder’s Full Name (To help us send with description to the holder)
- Let us know of any specific instructions you will want us to add to your transfer, but if there are none then we will handle it
The timing of the update also begs the question of whether the zero-day contributed in any way to the hacking of iPhones using NSO Group’s Pegasus software, which has been the subject of a number of investigative reports that have revealed how the spyware tool turned the mobile phones of journalists, human rights activists, and others into portable surveillance devices and granted full access to sensitive information kept in them.
List of Patched zero-day Vulnerabilities
Additionally, Apple has patched thirteen zero-day vulnerabilities this year alone, including CVE-2021-30807.
- CVE-2021-1782 (Kernel) – A malicious application may be able to elevate privileges
- CVE-2021-1870 (WebKit) – A remote attacker may be able to cause arbitrary code execution
- CVE-2021-1871 (WebKit) – A remote attacker may be able to cause arbitrary code execution
- CVE-2021-1879 (WebKit) – Processing maliciously crafted web content may lead to universal cross-site scripting
- CVE-2021-30657 (System Preferences) – A malicious application may bypass Gatekeeper checks
- CVE-2021-30661 (WebKit Storage) – Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2021-30663 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2021-30665 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2021-30666 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2021-30713 (TCC framework) – A malicious application may be able to bypass Privacy preferences
- CVE-2021-30761 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2021-30762 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
Given the public availability of a proof-of-concept (PoC) exploit, it’s highly recommended that users move quickly to update their devices to the latest version to mitigate the risk associated with the flaw.
Click Here to Get Legit Cash App Money Transfer
Get $500 Cashapp | Get $750 Cashapp | Get $1k Cashapp | Get $2k Cashapp | Get $5k Cashapp | Get $4k CAshapp