Today's zero-day is also eerily similar to another zero-day, CVE-2021-30807, which Apple patched in July. Nonetheless, a security researcher published both a technical explanation and proof-of-concept code to exploit the bug on their blog shortly after the patch was released. Technical details about the vulnerability, or details about the attacks where the vulnerability has been used, are not available at the time of writing, as Apple usually likes to keep this information secret in order to prevent other threat actors from weaponizing the same bug before users had a chance to patch. Gaining access to kernel privileges gives attackers full control over the iOS device. Tracked as CVE-2021-30883, the zero-day resides in IOMobileFramebuffer, a kernel extension that allows developers to control how a device's memory handles the screen display-the screen framebuffer, to be more exact.Īccording to Apple, a malicious application may be able to execute arbitrary code with kernel privileges using this vulnerability. Apple patches iPhone zero-day in iOS 15.0.2Īpple has released a security update on Monday for iPhone users to address a vulnerability in the iOS operating system that has been exploited in the wild.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |