Multiple Vulnerabilities in Apple iOS Could Allow for Arbitrary Code Execution
by CIRT Team
DESCRIPTION:
Multiple vulnerabilities have been discovered in Apple iOS that could
allow for arbitrary code execution. iOS is a mobile operating system for
mobile devices, including the iPhone, iPad, and iPod touch. Successful
exploitation of these vulnerabilities could result in arbitrary code
execution within the context of the application, an attacker gaining the
same privileges as the logged-on user, or the bypassing of security
restrictions. Depending on the permission associated with the
application running the exploit, an attacker could then install
programs; view, change, or delete data.
IMPACT:
Multiple vulnerabilities have been discovered in Apple iOS that could
allow for arbitrary code execution. Details of these vulnerabilities are
as follows:
* A memory corruption issue in the ASN.1 decoder may lead to arbitrary
code execution. (CVE-2021-30737)
* A memory corruption issue in WebKit may lead to arbitrary code
execution. (CVE-2021-30761)
* A use after free issue in WebKit may lead to arbitrary code execution.
(CVE-2021-30762)
Successful exploitation of these vulnerabilities could result in
arbitrary code execution within the context of the application, an
attacker gaining the same privileges as the logged-on user, or the
bypassing of security restrictions. Depending on the permission
associated with the application running the exploit, an attacker could
then install programs; view, change, or delete data.
SYSTEM AFFECTED:
* iOS versions prior to 12.5.4
RECOMMENDATIONS:
We recommend the following actions be taken:
* Apply appropriate patches provided by Apple to vulnerable systems
immediately after appropriate testing.
* Run all software as a nonprivileged user (one without administrative
privileges) to diminish the effects of a successful attack.
* Remind users not to download, accept or execute files from untrusted
and unknown sources.
* Remind users not to visit untrusted websites or follow links provided
by untrusted or unknown sources.
* Evaluate read, write, and execute permissions on all newly installed
software.
* Apply the Principle of Least Privilege to all systems and services.
REFERENCES:
https://support.apple.com/en-us/HT212548
https://thehackernews.com/2021/06/apple-issues-urgent-patches-for-2-zero.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30762
Recommended Posts
Active Exploitation of Critical F5 BIG – IP Vulnerability (CVE–2023-46747) Uncovered in Bangladesh
06 Nov 2024 - Security Advisories & Alerts