It looks like one day when it is time to look back at the 2020s, the state of the cybersecurity climate will be firmly etched into collective memory. Such times will most probably align with a phrase like: ‘A new day, a new vulnerability.’ This is because recently, days do not seem to pass without news of fresh vulnerabilities and security flaws. What is more, the surprising part of all of this is that these software vulnerability release reports arrive from industry giants such as Apple. Still, there is an existing pattern of security flaws in products from other heavies like Google and even Microsoft. One thing is for sure, the IT community is not used to seeing security issues come from Apple products.
A New Day, A New Vulnerability
It seems that such discoveries arise when Apple releases innovative new hardware like the AirTag or overhauls their chips in the case of the new M1s. However, recent security vulnerabilities have even hit operating systems (OS), like macOS. Yet again, on July 26th, 2021 a new privilege escalation vulnerability (a security flaw) was discovered by Apple in their own operating system product lineup. The vulnerability was found within three Apple OSs; on the new Big Sur OS that is designed to run on Apple’s new M1s, as well as on iOS and iPadOS (the iPhone and iPad operating systems, respectively.) It comes as quite a surprise that among these three OSs, Big Sur – touted as a revelation in privacy and security – is experiencing security flaws like this.
The Privilege Escalation Vulnerability
On July 26th, 2021 this vulnerability was found by an ‘anonymous researcher’ according to the official Apple release reports. The researcher has found that Apple’s new Big Sur, as well as iOS and iPadOS share a vulnerability that can lead to an external (remote) user compromising the system.
The Technical Details
This privilege escalation vulnerability (CVE-2021-30807) in Apple’s macOS, iOS, and iPadOS allows a local application to escalate privileges on the system. It exists due to a boundary issue within the IOMobileFrameBuffer subsystem. The security flaw can allow a local application to trigger a memory corruption as well as execute arbitrary code on a target system with kernel privileges. The vulnerability is marked down as high risk.
Vulnerable Software Versions
The following software versions of macOS, iPadOS and iOS are vulnerable;
macOS: 11.0 20A2411, 11.0.1 20B29, 11.0.1 20B50, 11.1 20C69, 11.2 20D64, 11.2.1 20D74, 11.2.1 20D75, 11.2.2 20D80, 11.2.3 20D91, 11.3 20E232, 11.3.1 20E241, 11.4 20F71, 11.5 20G71
iPadOS: 14.0 18A373, 14.0.1 18A393, 14.1 18A8395, 14.2 18B92, 14.2 18B111, 14.3 18C66, 14.4 18D52, 14.4.1 18D61, 14.4.2 18D70, 14.5 18E199, 14.5.1 18E212, 14.6 18F72, 14.7 18G69, 14.7 18G70
Apple iOS: 14.0 18A373, 14.0.1 18A393, 14.1 18A8395, 14.2 18B92, 14.2 18B111, 14.2.1 18B121, 14.3 18C66, 14.4 18D52, 14.4.1 18D61, 14.4.2 18D70, 14.5 18E199, 14.5.1 18E212, 14.6 18F72, 14.7 18G69
Apple has stated that they are aware of the fact that the vulnerability affecting the three operating systems is being actively exploited in the wild. This means that it is still a potential risk for those who do not have the latest update. The official release reports state the following “Apple is aware of a report that this issue may have been actively exploited.” Updates have been released to address the problem and users should upgrade to Big Sur 11.5.1 and iOS/iPadOS 14.7.1 to avoid any potential issues stemming from this vulnerability. For help with Apple security issues in general, it is recommended that users visit Apple’s security help page.
Note: The July 26th, 2021 11.5.1 update is for macOS Big Sur, while the 126.96.36.199 is available for “iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).”