Thursday, September 23, 2021

Apple Releases patches for an actively exploited zero-day flaw in ios, macOS

Must Read

Microsoft Exchange hack: Hackers breached the email servers of the European Banking Authority (EBA)

The European Banking Authority (EBA) on Sunday said it had been a victim of a cyberattack targeting its Microsoft...

Microsoft links Vietnamese Country hackers to a crypto-mining malware campaign

Vietnamese government-backed hackers have been recently seen deploying cryptocurrency-mining malware along with their routine cyber-espionage toolkits, Microsoft said on...

A Fifth of Consumers Affected by Identity Fraud in 2020

One in five individuals is influenced by identity fraud this year, having been advised that their private information was...

Apple on Monday Release an urgent security patch for iOS,macOS, iPadOS, to address a zero-day flaw that has been actively exploited.

Apple has revealed that it fixes a previously unknown flaw that the company says appears to have been “actively exploited”. 

The memory-corruption flaw, tracked as CVE-2021-30807, is found in the IOMobileFrameBuffer extension which exists in both iOS and macOS but has been fixed according to a specific device platform.

A malicious app could execute arbitrary code with kernel privileges, Apple warns in both advisories. 

Apple released three updates, iOS 14.7., iPadOS 14.7.1, and macOS Big Sur 11.5.1 to patch the vulnerability on each of the platforms.

“Apple is aware of a report that this issue may have been actively exploited,” the company said, The issue was reported by an anonymous researcher. Already, proof of concept exploit code has been posted online. 

Though Apple attributed the discovery of the bug to an “anonymous researcher,” a security researcher at the Microsoft Security Response Center (MSRC) came forward separately on Monday and tweeted that he had discovered the vulnerability some time ago but hadn’t yet found the time to report it to Apple.

He notes that the bug “is as trivial and straightforward as it can get”, but adds that “the exploitation process is quite interesting here” and offers more detail than Apple would ever provide in its advisories. 

With the public availability of a proof-of-concept (PoC) exploit, It is highly recommended that users quickly update their devices to the latest version to mitigate the risk associated with the flaw.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

Apple Releases patches for an actively exploited zero-day flaw in ios, macOS

Apple on Monday Release an urgent security patch for iOS,macOS, iPadOS, to address a zero-day flaw that has been actively exploited.Apple has revealed that...

More Articles Like This