Difference between revisions of "CVE-2021-30883"

Latest revision as of 18:27, 26 October 2021

On 11 October 2021, Apple released iOS 15.0.2 with a fix for CVE-2021-30883, a vulnerability in IOMobileFrameBuffer which allows kernel code execution, and has been exploited in the wild according to Apple. The bug is also present in iOS 15.1 betas 1, 2 and 3. It was fixed in 14.8.1, 15.0.2, and 15.1b4.

Note that despite also involving IOMFB, this is a different vulnerability than CVE-2021-30807 which was fixed in 14.7.1.

Saar Amar quickly bindiff'd the kernel and wrote a blog post and PoC about this vulnerability.

Unlike CVE-2021-30807, this vulnerability is apparently exploitable from the app sandbox without any special entitlement.

Saar's PoC works on A10X, A11, A12, and A13 devices. Apparently, A14/A15 moved this code to the DCP^[1]. A small change to the PoC makes it panic the DCP coprocessor, which then panics the iOS kernel, but this is unlikely to allow exploiting the kernel.

References

^ Tweet from Adam Donenfeld (Zimperium): This has been moved to the display coprocessor (DCP) starting from 15, at least on iPhone 12 (and most probably other ones as well)

This exploit article is a "stub", an incomplete page. Please add more content to this article and remove this tag.

[1] Tweet from Adam Donenfeld (Zimperium): This has been moved to the display coprocessor (DCP) starting from 15, at least on iPhone 12 (and most probably other ones as well)

[1]

Revision as of 17:59, 13 October 2021 (view source) Nicolas17 (talk \| contribs) (iOS 15.1b4 patched vuln) ← Older edit		Latest revision as of 18:27, 26 October 2021 (view source) Nicolas17 (talk \| contribs) (Update list of fixed versions)
Line 1:		Line 1:
−	On {{date\|2021\|10\|11}}, [https://support.apple.com/en-us/HT212623 Apple released iOS 15.0.2] with a fix for CVE-2021-30883, a vulnerability in IOMobileFrameBuffer which allows kernel code execution, and has been exploited in the wild according to Apple. The bug is also present in iOS 15.1 betas 1, 2 and 3 ~~(beta~~ 4 ~~patched~~ ~~it)~~.	+	On {{date\|2021\|10\|11}}, [https://support.apple.com/en-us/HT212623 Apple released iOS 15.0.2] with a fix for CVE-2021-30883, a vulnerability in IOMobileFrameBuffer which allows kernel code execution, and has been exploited in the wild according to Apple. The bug is also present in iOS 15.1 betas 1, 2 and 3. It was fixed in 14.8.1, 15.0.2, and 15.1b4.

	Note that despite also involving IOMFB, this is a different vulnerability than [[CVE-2021-30807]] which was fixed in 14.7.1.		Note that despite also involving IOMFB, this is a different vulnerability than [[CVE-2021-30807]] which was fixed in 14.7.1.

Difference between revisions of "CVE-2021-30883"

Latest revision as of 18:27, 26 October 2021

References

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Miscellaneous

Tools