• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
latest apple ios update patches remote jailbreak exploit for iphones

Latest Apple iOS Update Patches Remote Jailbreak Exploit for iPhones

You are here: Home / General Cyber Security News / Latest Apple iOS Update Patches Remote Jailbreak Exploit for iPhones
December 14, 2021

Apple on Monday produced updates to iOS, macOS, tvOS, and watchOS with security patches for a number of vulnerabilities, which include a remote jailbreak exploit chain as perfectly as a variety of critical issues in the Kernel and Safari web browser that ended up first demonstrated at the Tianfu Cup held in China two months in the past.

Tracked as CVE-2021-30955, the issue could have enabled a malicious software to execute arbitrary code with kernel privileges. Apple stated it dealt with the issue with “enhanced point out handling.” The flaw also impacts macOS products.

“The kernel bug CVE-2021-30955 is the one we tried using [to] use to construct our remote jailbreak chain but failed to entire on time,” Kunlun Lab’s chief government, @mj0011sec, mentioned in a tweet. A established of kernel vulnerabilities have been at some point harnessed by the Pangu Crew at the Tianfu hacking contest to crack into an iPhone13 Pro jogging iOS 15, a feat that netted the white hat hackers $330,000 in dollars benefits.

✔ Approved Seller From Our Partners
Malwarebytes Premium 2022

Protect yourself against all threads using Malwarebytes. Get Malwarebytes Premium with 60% discount from a Malwarebytes official seller SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Automatic GitHub Backups

Besides CVE-2021-30955, a total of five Kernel and four IOMobileFrameBuffer (a kernel extension for taking care of the display framebuffer) flaws have been remediated with the hottest updates —

  • CVE-2021-30927 and CVE-2021-30980: A use right after free issue that could allow for a rogue software to run arbitrary code with kernel privileges.
  • CVE-2021-30937: A memory corruption vulnerability that could let a rogue application to run arbitrary code with kernel privileges.
  • CVE-2021-30949: A memory corruption issue that could permit a rogue application to run arbitrary code with kernel privileges.
  • CVE-2021-30993: A buffer overflow issue that could permit an attacker in a privileged network posture could be able to execute arbitrary code
  • CVE-2021-30983: A buffer overflow issue that could enable an software to operate arbitrary code with kernel privileges.
  • CVE-2021-30985: An out-of-bounds compose issue that could make it possible for a rogue application to operate arbitrary code with kernel privileges.
  • CVE-2021-30991: An out-of-bounds go through issue that could allow a malicious application to operate arbitrary code with kernel privileges.
  • CVE-2021-30996: A race affliction that could let a rogue software to operate arbitrary code with kernel privileges.

On the macOS entrance, the Cupertino-based mostly company patched an issue with the Wi-Fi module (CVE-2021-30938) that a area user on the system could exploit to result in unforeseen technique termination and even read through kernel memory. The tech giant credited Xinru Chi of Pangu Lab with reporting the flaw.

Prevent Data Breaches

Also fastened are seven security flaws in the WebKit part — CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, and CVE-2021-30984t — that could likely consequence in a situation where processing specifically crafted web articles could lead to arbitrary code execution.

On top of that, Apple also settled a few of issues influencing Notes, and Password Manager in iOS that could help a individual with actual physical access to an iOS system to entry contacts from the lock screen and retrieve saved passwords without any authentication. Very last but not least, a bug in FaceTime has been squashed, which usually might have leaked sensitive user facts by Dwell Photographs metadata.

Located this report intriguing? Follow THN on Facebook, Twitter  and LinkedIn to examine a lot more exceptional content we post.


Some sections of this posting are sourced from:
thehackernews.com

Previous Post: «update google chrome to patch new zero day exploit detected in Update Google Chrome to Patch New Zero-Day Exploit Detected in the Wild
Next Post: Ransomware Affiliate Arrested in Romania; 51 Stolen Data Brokers Arrested in Ukraine ransomware affiliate arrested in romania; 51 stolen data brokers arrested»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Popular PyPI Package ‘ctx’ and PHP Library ‘phpass’ Hijacked to Steal AWS Keys
  • Fronton IOT Botnet Packs Disinformation Punch
  • SIM-based Authentication Aims to Transform Device Binding Security to End Phishing
  • New Chaos Ransomware Builder Variant “Yashma” Discovered in the Wild
  • Open source packages with millions of installs hacked to harvest AWS credentials
  • DOE ‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌funds‌ ‌development of Qunnect’s Quantum Repeater
  • Cabinet Office Reports 800 Missing Electronic Devices in Three Years
  • Malware Analysis: Trickbot
  • Conti Ransomware Operation Shut Down After Splitting into Smaller Groups
  • US Car Giant General Motors Hit by Cyber-Attack Exposing Car Owners’ Personal Info

Copyright © TheCyberSecurity.News, All Rights Reserved.