Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2021.0165
Apple IOMobileFrameBuffer vulnerability (CVE-2021-30807)
27 July 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: macOS Big Sur
iPhone
iPad
iPod
Operating System: macOS Big Sur
iOS
iPadOS
Impact/Access: Root Compromise -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2021-30807
OVERVIEW
Apple has released security updates for macOS Big Sur, iOS and iPadOS
to address a vulnerability (CVE-2021-30807) in IOMobileFrameBuffer which
may allow an application to execute arbitrary code with kernel privileges
[1][2].
Apple states they are aware of a report this issue may have been actively
exploited [1][2]. Reports of Proof-of-Concept exploit code and detailed
analysis of the vulnerability are also publicly available. AusCERT
recommends that updates are applied as soon as possible.
IMPACT
An application may execute arbitrary code with kernel privileges.
MITIGATION
Apple recommends updating to:
* macOS Big Sur 11.5.1 [1]
* iOS 14.7.1 and iPadOS 14.7.1 [2]
as soon as possible.
REFERENCES
[1] About the security content of macOS Big Sur 11.5.1
https://support.apple.com/en-us/HT212622
[2] About the security content of iOS 14.7.1 and iPadOS 14.7.1
https://support.apple.com/en-us/HT212623
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYP+djeNLKJtyKPYoAQi+uA//T3Z/t6G+gLseD/lUzTMCV28cSw74wuig
27m6jXOOuu/j/8J9X21HN04GP4jTdqoNYopJQzT//HycaX7vTHOzJuEC1TIm3aFW
+tSCoMpvitnloKFqBRXtF5jkvalPExUeDV++QvydrzkdLn+0Rug5439WF2ba+zxn
93nzex2KO647UNEboIf7fzQzBxPn3s0HXFdD9EZ5cLuF1EI9XT3iY507MtbKIpLb
1xKe9e2zCiOf4phyhQxcf+CMVGFK3uBb2L89gX0C5XsoN+0M/+aehk703fgX8n0s
XuIzHUcEOZjHUHt+nNUDMvbJ3nu0g61vH98bI2lwfuuYp06pSw9qUTiYxea+RfGK
o3z6aL2ZVBxLxwIAYfmSEF/5ORYxb3NQdi7wP3DTaLVr3nmTDoI+iz0un9uetE5j
gSfWE9WrfJ13MbYF+JDU51iwsdgzo1uFh2XeIM/72iS4FT+PKnBpSFZI24Ev6zTk
B/KGqbe1/rGjOcuK2lEwvPP0tm6qFInOvzETkPlXNinl0Yc/ixIJE1oC/KSw7Wm7
9xLExdUCPcx5N+iT6v/E5lnhWlubkSwaSq5jlDBy+toNyhvOSYIt243xuSpeOhn8
a1AILf1sVPBIzzKAG0/9hwSs5aF7X+vMm7+RR8DexVp8TlwN9qbrkkWZ1TdWvHcR
ZGu1oHHm0pw=
=bzii
-----END PGP SIGNATURE-----