CVE-2021-30807

From The iPhone Wiki
Revision as of 19:59, 11 October 2021 by Nicolas17 (talk | contribs) (brief summary)

On 26 July 2021, Apple released iOS 14.7.1 with a fix for CVE-2021-30807, a vulnerability in IOMobileFrameBuffer which allows kernel code execution and which, according to Apple, has been exploited in the wild. Note that this is not the same as CVE-2021-30883, which was fixed in iOS 15.0.2.

binaryboy published a quick crash PoC on Twitter, but he later deleted it.

Saar Amar later wrote a blog post and PoC about this vulnerability. He had independently discovered the bug earlier, but he didn't report it or publish it because he didn't have a good exploit yet, and then Apple fixed it.

Calling the vulnerable method requires the com.apple.private.allow-explicit-graphics-priority entitlement, so it's not reachable from the normal app sandbox, but it is reachable from the WebContent process, so it could be chained with a WebKit exploit.
