Apple fixes CVE-2021-30807 flaw, the 13th zero-day this year

Apple released a security update that addresses the CVE-2021-30807 flaw in macOS and iOS, which may have been actively exploited to deliver malware.

Apple addressed a security flaw, tracked as CVE-2021-30807, in macOS and iOS that may have been actively exploited to plant malware on vulnerable devices. The vulnerability resides in the IOMobileFramebuffer, which is a kernel extension for managing the screen framebuffer. It is controlled by the user-land framework IOMobileFramework.

The IT giant did not publish details about the attacks or the attackers that exploited the vulnerability.

An attacker could trigger CVE-2021-30807 to execute arbitrary code with kernel privileges on a vulnerable device.

Attackers could exploit the flaw to take full control over a device.

“An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited,” reads the advisory published by Apple.

Apple addressed the memory corruption issue by improving memory handling.

This is the 13th zero-day flaw fixed by Apple this year:

CVE
CVE-2021-1782
CVE-2021-1870
CVE-2021-1871
CVE-2021-1879
CVE-2021-30657
CVE-2021-30661
CVE-2021-30663
CVE-2021-30665
CVE-2021-30666
CVE-2021-30713
CVE-2021-30761
CVE-2021-30762

Apple addressed the flaw with the release of macOS Big Sur 11.5.1, iOS 14.7.1, and iPadOS 14.7.1.

Pierluigi Paganini

The post Apple fixes CVE-2021-30807 flaw, the 13th zero-day this year appeared first on Security Affairs.