The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.
CVE-2021-30807
On 26 July 2021, Apple released iOS 14.7.1 with a fix for CVE-2021-30807, a vulnerability in IOMobileFrameBuffer which allows kernel code execution and which, according to Apple, has been exploited in the wild. Note that this is not the same as CVE-2021-30883, which was fixed in 15.0.2.
binaryboy published a quick crash PoC on Twitter.
Saar Amar later wrote a blog post and PoC about this vulnerability. He had independently discovered the bug earlier, but he didn't report it or publish it because he didn't have a good exploit yet, and then Apple fixed it.
Calling the vulnerable method requires the com.apple.private.allow-explicit-graphics-priority entitlement, so it's not reachable from the normal app sandbox, but it is reachable from the WebContent process, so it could be chained with a WebKit exploit.