Memory corruption bugs sometimes lead to information leakage holes, where a malicious program can read out other people’s data that is supposed to secret. That sort of bug frequently leads to DoS, or denial of service attacks, where a malicious program can deliberately crash the device at will. We’re guessing that there’s a function in there that could be called in an unexpected and erroneous way that caused some sort of buffer overflow or buffer misdirection, where the kernel failed to check the parameters it was passed and therefore allowed an unprivileged program to shovel data into privileged memory where it wasn’t supposed to be. The functions supported by IOMobileFrameBuffer help with the management of settings such as video power saving, as well as colour and brightness correction. The vulnerability was apparently found in the IOMobileFrameBuffer kernel code, a component that helps userland applications (in other words, unprivileged software) to configure and use your device’s or computer’s display. (The name zero-day or 0-day denotes that there were zero days during which even the keenest and earliest adopters of official updates could have patched in advance.)
#Apple security update iphones macs Patch#
If the crooks knew about it first, that makes it a zero-day bug, the jargon term used when the patch came out after the Bad Guys had a head start, rather than before the Bad Guys figured it out for themselves. Apple is aware of a report that this issue may have been actively exploited.
#Apple security update iphones macs code#
Indeed, all we know about it, and all Apple has said so far, is that:Īn application may be able to execute arbitrary code with kernel privileges. This one doesn’t have a fancy name, but instead goes simply by CVE-2021-30807, and was reported, according to Apple “by an anonymous researcher”. Now, however, it’s Apple’s turn to be in the patch-right-now spotlight, with a somewhat under-announced emergency zero-day fix, just a few days after the company’s last, and much broader, security update. You might be forgiven for thinking that July 2021 was Microsoft’s month for cybersecurity vulnerabilities.įirst there was PrintNightmare in several guises, followed by HiveNightmare (an entirely unrelated bug that nevertheless attracted the “Nightmare” moniker), followed by PetitPotam (which went down the cute aquatic mammal naming path).
0 kommentar(er)
