Apple Releases Urgent Update to Patch Another Zero-Day Flaw
- By Dawna M. Roberts
- Published: Oct 22, 2021
- Last Updated: Mar 20, 2023
On Monday, Apple released an urgent update to iOS and iPadOS to patch a critical zero-day flaw currently being exploited in the wild by hackers. Apple urges all users to update devices immediately.
What Happened?
The update addresses the 17th zero-day vulnerability this year. The Hacker News explains: ‘The weakness, assigned the identifier CVE-2021-30883, concerns a memory corruption issue in the “IOMobileFrameBuffer” component that could allow an application to execute arbitrary code with kernel privileges. Crediting an anonymous researcher for reporting the vulnerability, Apple said it’s “aware of a report that this issue may have been actively exploited.”’
To protect iPhone and iPad users, Apple declined to provide any technical details about the flaw, nor did they disclose the identity of the threat actor using the vulnerability to attack users. However, they did confirm that the patch will close the hole and improve memory handling on the devices.
The Hacker News consulted with security researcher Saar Amar who shared ‘additional details and a proof-of-concept (PoC) exploit, noting that “this attack surface is highly interesting because it’s accessible from the app sandbox (so it’s great for jailbreaks) and many other processes, making it a good candidate for LPEs exploits in chains.”’
The current issue joins another zero-day flaw that affects IOMobileFrameBuffer, which Apple addressed in July with another update. Experts theorize that the two issues may be connected.
The Hacker News lists the 17 zero-day vulnerabilities patched so far this year:
- “CVE-2021-1782 (Kernel) - A malicious application may be able to elevate privileges.
- CVE-2021-1870 (WebKit) - A remote attacker may be able to cause arbitrary code execution.
- CVE-2021-1871 (WebKit) - A remote attacker may be able to cause arbitrary code execution.
- CVE-2021-1879 (WebKit) - Processing maliciously crafted web content may lead to universal cross-site scripting.
- CVE-2021-30657 (System Preferences) - A malicious application may bypass Gatekeeper checks.
- CVE-2021-30661 (WebKit Storage) - Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2021-30663 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2021-30665 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2021-30666 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2021-30713 (TCC framework) - A malicious application may be able to bypass Privacy preferences.
- CVE-2021-30761 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2021-30762 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2021-30807 (IOMobileFrameBuffer) - An application may be able to execute arbitrary code with kernel privileges.
- CVE-2021-30858 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2021-30860 (CoreGraphics) - Processing a maliciously crafted PDF may lead to arbitrary code execution.
- CVE-2021-30869 (XNU) - A malicious application may be able to execute arbitrary code with kernel privileges.”
How Apple Users Can Stay Safe
Apple and threat researchers are urging all Apple customers to update their devices immediately to patch this issue. Beyond keeping the OS up to date, other tips from the experts include:
- Never download apps from untrusted sources.
- Always use super strong passwords on all accounts and devices.
- Use two-factor or multi-factor authentication for logins.
- Never click links or download attachments from untrusted emails.
- Do not share personal information online when unsolicited.
- Keep all apps updated.
- Install and use good antivirus software on all devices.
- Watch out for social engineering tactics.
- Never reuse passwords on multiple accounts.