- CVE-2021-30666 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2021-30665 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2021-30663 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2021-30661 (WebKit Storage) - Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2021-30657 (System Preferences) - A malicious application may bypass Gatekeeper checks.
- CVE-2021-1879 (WebKit) - Processing maliciously crafted web content may lead to universal cross-site scripting.
- CVE-2021-1871 (WebKit) - A remote attacker may be able to cause arbitrary code execution.
- CVE-2021-1870 (WebKit) - A remote attacker may be able to cause arbitrary code execution.
- CVE-2021-1782 (Kernel) - A malicious application may be able to elevate privileges.

With the latest fix, the company has resolved a record 17 zero-days to date in 2021 alone.

The iPhone maker said it addressed the issue with improved memory handling.

But soon after the advisory was released, security researcher Saar Amar shared additional details, and a proof-of-concept (PoC) exploit, noting that "this attack surface is highly interesting because it's accessible from the app sandbox (so it's great for jailbreaks) and many other processes, making it a good candidate for LPEs exploits in chains."

CVE-2021-30883 is also the second zero-day impacting IOMobileFrameBuffer after Apple addressed a similar, anonymously reported memory corruption issue (CVE-2021-30807) in July 2021, raising the possibility that the two flaws could be related.

Technical specifics about the flaw and the nature of the attacks remain unavailable as yet, as is the identity of the threat actor, so as to allow a majority of the users to apply the patch and prevent other adversaries from weaponizing the vulnerability.
Crediting an anonymous researcher for reporting the vulnerability, Apple said it's "aware of a report that this issue may have been actively exploited."

The weakness, assigned the identifier CVE-2021-30883, concerns a memory corruption issue in the "IOMobileFrameBuffer" component that could allow an application to execute arbitrary code with kernel privileges.

Apple on Monday released a security update for iOS and iPadOS to address a critical vulnerability that it says is being exploited in the wild, making it the 17th zero-day flaw the company has addressed in its products since the start of the year.