Apple has released the 13th patch this year to fix a zero-day vulnerability in its operating systems

Jul 27, 2021 15:20 GMT

Apple fixed a zero-day vulnerability in its macOS, iOS, and iPadOS operating systems on Monday, less than a week after releasing a set of updates that addressed more than 36 other vulnerabilities in total, according to The Register.

IOMobileFrameBuffer, a kernel extension that manages the screen frame buffer, was found to contain a vulnerability, tracked as CVE-2021-30807, that can be exploited to execute malicious code on the affected device. The vulnerability is attributed to an unidentified researcher and was fixed with undisclosed but reportedly better memory handling code.

Apple notes in its advisory: "An application may be able to execute arbitrary code with kernel privileges," [...] "Apple is aware of a report that this issue may have been actively exploited." However, Apple did not specify who might be involved in exploiting this flaw. An inquiry about whether the weakness was exploited by NSO Group's Pegasus monitoring tool received no response from the firm.

Apple computers, tablets, and smartphones were all impacted by the vulnerability

Amnesty International and the Forbidden Stories media advocacy group released a series of articles last week titled Pegasus Project, in which they revealed how software from the National Security Organization (NSO) was used to spy on journalists, politicians, and political activists in the United States. They claimed to have discovered evidence that zero-click Pegasus attacks have been used to install spyware on iPhones. Moreover, it appears to be specifically designed to target iMessage on the iPhone 11 and iPhone 12.

Meanwhile, security researcher Saar Amar revealed four months ago that he had discovered the vulnerability but did not report it because he intended to focus on making an excellent bug submission next month. However, after the issue was discovered, he published a post explaining his findings.

IOMobileFrameBuffer has served as a way into Apple's software many times over the course of the preceding decade. Cupertino developers will almost certainly dig deeper into the software to see if anything else has been overlooked.