Apple on Monday released updates to iOS, macOS, tvOS, and watchOS with security patches for multiple vulnerabilities, including a remote jailbreak exploit chain as well as a number of critical issues in the Kernel and Safari web browser that were first demonstrated at the Tianfu Cup held in China two months ago.
Tracked as CVE-2021-30955, the issue could have enabled a malicious application to execute arbitrary code with kernel privileges. Apple said it addressed the race condition bug with “improved state handling.” The flaw also impacts macOS devices.
“The kernel bug CVE-2021-30955 is the one we tried [to] use to build our remote jailbreak chain but failed to complete on time,” Kunlun Lab’s chief executive, @mj0011sec, said in a tweet. A set of similar kernel vulnerabilities were eventually harnessed by the Pangu Team at the Tianfu hacking contest to break into an iPhone13 Pro running iOS 15, a feat that netted the white hat hackers $330,000 in cash rewards.
Besides CVE-2021-30955, a total of five Kernel and four IOMobileFrameBuffer (a kernel extension for managing the screen framebuffer) flaws have been remediated with the latest updates —
- CVE-2021-30927 and CVE-2021-30980: A use after free issue that could allow a rogue application to run arbitrary code with kernel privileges.
- CVE-2021-30937: A memory corruption vulnerability that could allow a rogue application to run arbitrary code with kernel privileges.
- CVE-2021-30949: A memory corruption issue that could allow a rogue application to run arbitrary code with kernel privileges.
- CVE-2021-30993: A buffer overflow issue that could allow an attacker in a privileged network position may be able to execute arbitrary code
- CVE-2021-30983: A buffer overflow issue that could allow an application to run arbitrary code with kernel privileges.
- CVE-2021-30985: An out-of-bounds write issue that could allow a rogue application to run arbitrary code with kernel privileges.
- CVE-2021-30991: An out-of-bounds read issue that could allow a malicious application to run arbitrary code with kernel privileges.
- CVE-2021-30996: A race condition that could allow a rogue application to run arbitrary code with kernel privileges.
On the macOS front, the Cupertino-based company patched an issue with the Wi-Fi module (CVE-2021-30938) that a local user on the system could exploit to cause unexpected system termination and even read kernel memory. The tech giant credited Xinru Chi of Pangu Lab with reporting the flaw.
Also fixed are seven security flaws in the WebKit component — CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, and CVE-2021-30984t — that could potentially result in a scenario where processing specially crafted web content may lead to arbitrary code execution.
Additionally, Apple also resolved a couple of issues affecting Notes and Password Manager apps in iOS that could enable a person with physical access to an iOS device to access contacts from the lock screen and retrieve stored passwords without any authentication. Last but not least, a bug in FaceTime has been squashed, which otherwise may have leaked sensitive user information through Live Photos metadata.