The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.
Difference between revisions of "CVE-2021-30807"
(brief summary)
Line 1:
On {{date|2021|07|26}}, [https://support.apple.com/en-us/HT212623 Apple released iOS 14.7.1] with a fix for CVE-2021-30807, a vulnerability in IOMobileFrameBuffer which allows kernel code execution, and has been exploited in the wild according to Apple. Note that it is not the same as [[CVE-2021-30883]] which was fixed in 15.0.2.
− binaryboy [http://web.archive.org/web/20210821232421/https://twitter.com/b1n4r1b01/status/1419734027565617165 published a quick crash PoC] on Twitter
+ binaryboy [http://web.archive.org/web/20210821232421/https://twitter.com/b1n4r1b01/status/1419734027565617165 published a quick crash PoC] on Twitter.
Saar Amar later [https://saaramar.github.io/IOMobileFrameBuffer_LPE_POC/ wrote a blog post and PoC] about this vulnerability. He had independently discovered the bug earlier, but he didn't report it or publish it because he didn't have a good exploit yet, and then Apple fixed it.
Revision as of 20:15, 11 October 2021
On 26 July 2021, Apple released iOS 14.7.1 with a fix for CVE-2021-30807, a vulnerability in IOMobileFrameBuffer which allows kernel code execution, and has been exploited in the wild according to Apple. Note that it is not the same as CVE-2021-30883, which was fixed in 15.0.2.
binaryboy published a quick crash PoC on Twitter.
Saar Amar later wrote a blog post and PoC about this vulnerability. He had independently discovered the bug earlier, but he didn't report it or publish it because he didn't have a good exploit yet, and then Apple fixed it.
Calling the vulnerable method requires the com.apple.private.allow-explicit-graphics-priority entitlement, so it's not reachable from the normal app sandbox, but it is reachable from the WebContent process, so it could be chained with a WebKit exploit.
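The reachability point above (the method is gated by an entitlement, so what matters is which processes hold it) is the kind of thing a defender checks by auditing entitlements. The following Python is an added example, not code from the wiki page or from any of the researchers it cites: it parses dumped entitlement plists and reports which binaries are granted the entitlement named above, while keeping undecodable dumps separate so they are reported as "unknown" rather than silently treated as "not reachable". The binary names and plist contents are constructed for illustration and are not the real entitlements of any Apple binary; on macOS, comparable plists can be dumped with `codesign -d --entitlements`.

```python
import plistlib
from typing import Dict, List, Optional
from xml.parsers.expat import ExpatError

# Entitlement the wiki page says is required to call the vulnerable method.
GRAPHICS_PRIORITY_ENT = "com.apple.private.allow-explicit-graphics-priority"

# Constructed entitlement plists keyed by a hypothetical binary name.
# These are illustrative stand-ins, not real entitlements of any Apple binary.
SAMPLE_ENTITLEMENTS: Dict[str, bytes] = {
    "WebContent.sample": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.private.allow-explicit-graphics-priority</key>
    <true/>
    <key>seatbelt-profiles</key>
    <array><string>sample-webcontent-profile</string></array>
</dict>
</plist>""",
    "SandboxedApp.sample": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>EXAMPLE.com.example.app</string>
</dict>
</plist>""",
    # Key present but explicitly false: must not be counted as a holder.
    "OptedOut.sample": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.private.allow-explicit-graphics-priority</key>
    <false/>
</dict>
</plist>""",
    # Truncated dump, as happens when extraction is cut short; must not abort the audit.
    "Broken.sample": b'<plist version="1.0"><dict><key>x</key>',
}


def parse_entitlements(blob: bytes) -> Optional[Dict[str, object]]:
    """Decode one entitlements plist. Returns None when the blob cannot be decoded
    or does not contain a top-level dictionary."""
    try:
        data = plistlib.loads(blob)
    except (ValueError, ExpatError):  # InvalidFileException is a ValueError
        return None
    return data if isinstance(data, dict) else None


def holders_of(entitlement: str, plists: Dict[str, bytes]) -> List[str]:
    """Sorted names of binaries whose entitlements grant `entitlement` (boolean true).
    A key set to false, or a non-boolean value, does not count as a grant."""
    holders = []
    for name, blob in plists.items():
        ents = parse_entitlements(blob)
        if ents is not None and ents.get(entitlement) is True:
            holders.append(name)
    return sorted(holders)


def unparseable(plists: Dict[str, bytes]) -> List[str]:
    """Sorted names whose plist could not be decoded; reachability for these is
    unknown and should be reported, not assumed to be denied."""
    return sorted(name for name, blob in plists.items() if parse_entitlements(blob) is None)


if __name__ == "__main__":
    print("holders:", holders_of(GRAPHICS_PRIORITY_ENT, SAMPLE_ENTITLEMENTS))
    print("undecodable:", unparseable(SAMPLE_ENTITLEMENTS))
```

With the constructed samples, only `WebContent.sample` is reported as a holder, `OptedOut.sample` is correctly excluded despite carrying the key, and `Broken.sample` is listed separately as undecodable. Treating a failed parse as "unknown" rather than "not entitled" is the design choice that matters: a truncated dump should widen the review, not quietly narrow the list of processes that can reach the IOMobileFrameBuffer method.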
This exploit article is a "stub", an incomplete page. Please add more content to this article and remove this tag.