Security News > 2021 > December > Latest Apple iOS Update Patches Remote Jailbreak Exploit for iPhones

Latest Apple iOS Update Patches Remote Jailbreak Exploit for iPhones
2021-12-14 19:10

Apple on Monday released updates to iOS, macOS, tvOS, and watchOS with security patches for multiple vulnerabilities, including a remote jailbreak exploit chain as well as a number of critical issues in the Kernel and Safari web browser that were first demonstrated at the Tianfu Cup held in China two months ago.

A set of kernel vulnerabilities were eventually harnessed by the Pangu Team at the Tianfu hacking contest to break into an iPhone13 Pro running iOS 15, a feat that netted the white hat hackers $330,000 in cash rewards.

A total of five Kernel and four IOMobileFrameBuffer flaws have been remediated with the latest updates -.

CVE-2021-30949: A memory corruption issue that could allow a rogue application to run arbitrary code with kernel privileges.

On the macOS front, the Cupertino-based company patched an issue with the Wi-Fi module that a local user on the system could exploit to cause unexpected system termination and even read kernel memory.

Apple also resolved a couple of issues affecting Notes, and Password Manager in iOS that could enable a person with physical access to an iOS device to access contacts from the lock screen and retrieve stored passwords without any authentication.


News URL

https://thehackernews.com/2021/12/latest-apple-ios-update-patches-remote.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-08-24 CVE-2021-30949 Out-of-bounds Write vulnerability in Apple products
A memory corruption issue was addressed with improved state management.
local
low complexity
apple CWE-787
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349