Apple yesterday released iOS 14.7.1, and its accompanying security note references a fix for a vulnerability that may have been actively exploited …
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved memory handling.
There are two clues in there suggesting that the fix is for the vulnerability behind NSO Group’s zero-click attack, which has been used against iPhones owned by dissidents, activists, human rights lawyers, and opposition politicians.
First, Amnesty International’s report said that merely receiving a particular iMessage, with no interaction from the user, could be enough to compromise a phone and give the attacker access to personal data. Analysis suggests that this was achieved through a memory overflow, which is consistent with Apple’s description of a memory corruption issue.
Second, Apple said that it was aware of a report that the vulnerability may have been actively exploited in the wild. The phrasing is cautious and rather academic in tone, but that is typical of Apple’s security notes.
The Register notes the potential link, and also reports that exploit code has now been publicly posted.
Apple on Monday patched a zero-day vulnerability in its iOS, iPadOS, and macOS operating systems, only a week after issuing a set of OS updates addressing about three dozen other flaws.
The bug, CVE-2021-30807, was found in the iGiant’s IOMobileFrameBuffer code, a kernel extension for managing the screen frame buffer that could be abused to run malicious code on the affected device.
CVE-2021-30807, credited to an anonymous researcher, has been addressed by undisclosed but purportedly improved memory handling code […]
Apple did not, however, say who might be involved in the exploitation of this bug. Nor did the company respond to a query about whether the bug has been exploited by NSO Group’s Pegasus surveillance software […]
The IOMobileFrameBuffer has provided a path into Apple’s software several times over the past decade. Presumably Cupertino’s coders will be taking a closer look at the software to see if there’s anything else they’ve missed.
A security researcher who had earlier identified the same issue, but had not yet had time to write it up into a detailed report for Apple, has shared the details of what he found.
Other security researchers have called on Apple to treat the vulnerability of iMessage to such attacks as a far higher priority. Johns Hopkins associate professor and cryptographer Matthew Green said that Apple should “re-write most of the iMessage codebase in some memory-safe language,” while security researcher and iPhone jailbreaker Will Strafach said that Apple should make it easier for researchers to see what is happening when such attacks occur, so that the underlying vulnerabilities can be identified more readily.
Photo: Onur Binay/Unsplash
Author: Ben Lovejoy
Source: 9TO5Google