===========================================================================
AUSCERT Security Bulletin

ASB-2021.0165
Apple IOMobileFrameBuffer vulnerability (CVE-2021-30807)
27 July 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           macOS Big Sur
                   iPhone
                   iPad
                   iPod
Operating System:  macOS Big Sur
                   iOS
                   iPadOS
Impact/Access:     Root Compromise -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-30807

OVERVIEW

Apple has released security updates for macOS Big Sur, iOS and iPadOS to
address a vulnerability (CVE-2021-30807) in IOMobileFrameBuffer which may
allow an application to execute arbitrary code with kernel privileges
[1][2].

Apple states they are aware of a report this issue may have been actively
exploited [1][2].

Reports of Proof-of-Concept exploit code and detailed analysis of the
vulnerability are also publicly available.

AusCERT recommends that updates are applied as soon as possible.

IMPACT

An application may execute arbitrary code with kernel privileges.

MITIGATION

Apple recommends updating to:

* macOS Big Sur 11.5.1 [1]
* iOS 14.7.1 and iPadOS 14.7.1 [2]

as soon as possible.

REFERENCES

[1] About the security content of macOS Big Sur 11.5.1
    https://support.apple.com/en-us/HT212622

[2] About the security content of iOS 14.7.1 and iPadOS 14.7.1
    https://support.apple.com/en-us/HT212623

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures.
AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

AusCERT personnel answer during Queensland business hours which are
GMT+10:00 (AEST). On call after hours for member emergencies only.
===========================================================================