Earlier this week, Apple announced security patches for various weaknesses in iOS, macOS, tvOS, and watchOS, including a remote jailbreak exploit chain and several critical flaws in the Kernel and Safari web browser. These vulnerabilities were initially revealed in October at the International Cyber Security Contest Tianfu Cup in China.
The vulnerability, identified as CVE-2021-30955, could have allowed a malicious program to run arbitrary code with kernel privileges. According to Apple, the problem has been addressed by implementing “improved state handling.” macOS devices are also affected by this issue.
Kunlun Lab’s chief executive, @mj0011sec tweeted:
The kernel bug CVE-2021-30955 is the one we tried use to build our remote jailbreak chain but failed to complete on time. It also affects MacOS. https://t.co/lMdHKPfVSR
— mj0011 (@mj0011sec) December 13, 2021
What Other Vulnerabilities Were Fixed?
According to The Hacker News, in addition to the kernel bug CVE-2021-30955, five Kernel and four IOMobileFrameBuffer (a kernel extension for controlling the screen framebuffer) issues were fixed with the latest patches:
CVE-2021-30927 and CVE-2021-30980: A use after free issue that could allow a rogue application to run arbitrary code with kernel privileges. CVE-2021-30937: A memory corruption vulnerability that could allow a rogue application to