Apple on Monday released an urgent security patch for iOS, macOS, and iPadOS to address a zero-day flaw that has been actively exploited.
Apple has revealed that it has fixed a previously unknown flaw that the company says appears to have been “actively exploited”.
The memory-corruption flaw, tracked as CVE-2021-30807, is in the IOMobileFrameBuffer extension, which exists in both iOS and macOS; the fix has been issued separately for each device platform.
A malicious app could execute arbitrary code with kernel privileges, Apple warns in both advisories.
“Apple is aware of a report that this issue may have been actively exploited,” the company said. The issue was reported by an anonymous researcher. Proof-of-concept exploit code has already been posted online.
Though Apple attributed the discovery of the bug to an “anonymous researcher,” a security researcher at the Microsoft Security Response Center (MSRC) came forward separately on Monday and tweeted that he had discovered the vulnerability some time ago but hadn’t yet found the time to report it to Apple.
He notes that the bug “is as trivial and straightforward as it can get”, but adds that “the exploitation process is quite interesting here” and offers more detail than Apple would ever provide in its advisories.
With a proof-of-concept (PoC) exploit publicly available, it is highly recommended that users quickly update their devices to the latest version to mitigate the risk associated with the flaw.