
SANS InfoSec Handlers Diary Blog – Apple Patches for CVE-2021-30807

I recently wrote a diary on the SANS Internet Storm Center about a recent update Apple released to address CVE-2021-30807.

Please click here to read the diary entry on the SANS Internet Storm Center. Alternatively, the full diary is reposted below.

Apple has released another update (the previous update was only about 5 days ago) to address CVE-2021-30807, which was discovered by an anonymous researcher. This update resolves an issue with IOMobileFrameBuffer that could allow an application to execute arbitrary code with kernel privileges [1], [2]. This issue may have been actively exploited.

As Apple has indicated that this issue may have been actively exploited, it is recommended that affected devices be updated as soon as possible.

Update: Technical details for CVE-2021-30807 can be found here [3].
Update 2: Apple has also released a corresponding update for watchOS [4].

References:
[1] https://support.apple.com/en-us/HT212622
[2] https://support.apple.com/en-us/HT212623
[3] https://saaramar.github.io/IOMobileFrameBuffer_LPE_POC/
[4] https://support.apple.com/en-us/HT212713
