In addition to the update for tvOS, iOS, watchOS, and macOS on Monday, Apple released patches for several vulnerabilities, including a series of remote jailbreak exploits and critical vulnerabilities in the Safari browser and kernel identified by the Tianfu Cup. feature appeared. It happened two months ago in China. As CVE-2021-30955, the problem couple on Monday released an upgrade for tvOS, iOS, watchOS, macOS, and security patches for several vulnerabilities, including the remote jailbreak exploits identified by the Tianfu Cup, as well as critical issues in the kernel and Safari. The display took place in. Two months ago, it happened in China. According to CVE-2021-30955, the problem allowed malicious applications to run arbitrary code with kernel privileges. The flaw affects macOS devices as well. Apple addressed it by improving state handling. In a tweet, Kunlun Lab’s CEO, @mj0011sec, said that the kernel bug CVE-2021-30955 was the one that they attempted to use to build their remote jailbreak chain, but they weren’t able to do so on time. A set of similar kernel vulnerabilities were eventually harnessed by the Pangu Team at the Tianfu hacking contest to break into an iPhone 13 Pro running iOS 15, a feat that earned the white hat hackers $330,000 in cash rewards. Concerning macOS, Apple patched a vulnerability in the Wi-Fi module (CVE-2021-30938) that could allow a local user on the system to cause unexpected system termination and even read kernel memory. The tech giant credited Xinru Chi of Pangu Lab with reporting the flaw.
- CVE-2021-30927 and CVE-2021-30980: A use after free issue could allow a malicious application to execute arbitrary code with kernel privileges.
- CVE-2021-30937: A memory corruption vulnerability, which could allow unauthorized applications to run arbitrary code with kernel privileges.
- memory corruption vulnerability that allows rogue applications to run arbitrary code with kernel privileges (CVE-2021-30949).
- An attacker with access to privileged network resources may be able to execute arbitrary code due to a buffer overflow vulnerability (CVE-2021-30993)
- A buffer overflow vulnerability could allow an application to run arbitrary code with kernel privileges.
- An out-of-bounds writes vulnerability could allow a rogue application to execute arbitrary code with kernel privileges.
- Specifically, CVE-2021-30991 allows a malicious application to execute arbitrary code with kernel privileges due to an out-of-bounds read issue.
- An application could be able to run arbitrary code with kernel privileges due to a race condition in CVE-2021-30996.