Apple has released an updated version of the iOS mobile operating system that patches the vulnerability active attack.
This vulnerability, tracked as CVE-2021-30807, affects IOMobileFrameBuffer, a kernel extension for managing screen framebuffers on Apple devices. In a security update, Apple said the vulnerability could allow an attacker to execute arbitrary code with kernel privileges. “We are aware of reports that this issue may have been actively abused,” he said.
This bug is the 13th zero-day attack addressed by Apple in 2021. The latest version of macOSBigSur 11.5.1 improves memory handling in iOS 14.7.1 and iPad OS 14.7.1 and patches the latest vulnerabilities.
The company doesn’t publish a detailed description of software vulnerabilities until most people download patches or upgrades, but to exploit the vulnerabilities, users first install a malicious app. It is believed that it is necessary.
Therefore, the LPE vulnerability found in IOMFB four months ago was actually patched in iOS 14.7.1. I wanted to share my knowledge and details about bugs and some ways to exploit them. If its helpful then im happy. Please check it by all means. https://t.co/fxLTJZgc3B
— Saar Amar (@AmarSaar) July 26, 2021
Researcher Saar Amar claims that he discovered a recently patched vulnerability four months ago and used the WebKit browser engine to create a proof-of-concept attack mechanism. Amar said he didn’t have time to fully document it and notify Apple. He published the findings on GitHub yesterday.
Apple is urging users to update their operating system to macOS Big Sur 11.5.1, iOS 14.7.1, or iPadOS 14.7.1 as soon as possible, depending on the device.
This advice comes a few days after Apple advised customers to upgrade to iOS 14.7 and iPad OS 14.7 and patch a series of other code execution vulnerabilities.
However, no security fixes have been made yet. It has been reported that protection against Pegasus spyware can be installed on the iPhone in a “zero-click” manner, perhaps simply by calling.
After infecting the device, operators recorded calls, emailed, and photographed by Pegasus, which was sold by the Israeli surveillance company NSO Group and has been heavily exposed by Forbidden Stories, Amnesty International, and various media organizations. , Steal messages and activate camera and microphone.
Pegausus may have been used to snoop on over 1,000 journalists, rights activists, politicians and other celebrities from about 50 countries. It is also involved in the murder of Saudi Arabian journalist Jamal Khashoggi.
Apple’s stock price plummeted following the announcement of Pegasus. This is not necessarily more vulnerable to attacks by Pegasus than Android, but because security is one of the main selling points.
Apple releases a new version of iOS to patch zero-day flaws under active attacks
Source link Apple releases a new version of iOS to patch zero-day flaws under active attacks