Time to update your iPhone as Apple fixes ‘actively exploited’ zero-day flaw
Apple released a fix for a previously undisclosed flaw that appears to have been actively exploited. The patch ships in iPadOS 14.7.1 and iOS 14.7.1. The company also released macOS Big Sur 11.5.1 to address the same issue, which lies in a common Apple kernel extension called IOMobileFrameBuffer. Apple released an advisory warning that the flaw could be exploited via a malicious app that executes arbitrary code with kernel privileges. The memory corruption issue is tracked as CVE-2021-30807 and was reported by an anonymous researcher. Proof-of-concept exploit code has been posted online.
A researcher at Microsoft, Saar Amar, also allegedly found the bug in iOS four months ago. According to Amar, he did not report the bug because he was working towards a high-quality bug report for Apple’s bug bounty program. After Apple revealed the bug, he published detailed explanatory notes about his findings and the issues uncovered in IOMobileFrameBuffer, stating that the bug was trivial and straightforward. However, Amar also claims that the exploitation process was more unique, stating that local privilege escalation could be triggered from the core engine of a Safari WebKit component known as WebContent.