Security News > 2021 > December > Latest Apple iOS Update Patches Remote Jailbreak Exploit for iPhones
Apple on Monday released updates to iOS, macOS, tvOS, and watchOS with security patches for multiple vulnerabilities, including a remote jailbreak exploit chain as well as a number of critical issues in the Kernel and Safari web browser that were first demonstrated at the Tianfu Cup held in China two months ago.
A set of kernel vulnerabilities were eventually harnessed by the Pangu Team at the Tianfu hacking contest to break into an iPhone13 Pro running iOS 15, a feat that netted the white hat hackers $330,000 in cash rewards.
A total of five Kernel and four IOMobileFrameBuffer flaws have been remediated with the latest updates -.
CVE-2021-30949: A memory corruption issue that could allow a rogue application to run arbitrary code with kernel privileges.
On the macOS front, the Cupertino-based company patched an issue with the Wi-Fi module that a local user on the system could exploit to cause unexpected system termination and even read kernel memory.
Apple also resolved a couple of issues affecting Notes, and Password Manager in iOS that could enable a person with physical access to an iOS device to access contacts from the lock screen and retrieve stored passwords without any authentication.
News URL
https://thehackernews.com/2021/12/latest-apple-ios-update-patches-remote.html
Related news
- Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18 (source)
- How to lock and hide iPhone apps in iOS 18 (source)
- Fraudsters imprisoned for scamming Apple out of 6,000 iPhones (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-24 | CVE-2021-30949 | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 7.8 |