Apple on Monday released updates to
iOS,
macOS,
tvOS, and
watchOS with security patches for multiple vulnerabilities, including a remote jailbreak exploit chain as well as a number of critical issues in the Kernel and Safari web browser that were first demonstrated at the Tianfu Cup held in China two months ago.
Tracked as CVE-2021-30955, the issue could have enabled a malicious application to execute arbitrary code with kernel privileges. Apple said it addressed the race condition bug with "improved state handling." The flaw also impacts macOS devices.
"The kernel bug CVE-2021-30955 is the one we tried [to] use to build our remote jailbreak chain but failed to complete on time," Kunlun Lab's chief executive, @mj0011sec,
said in a tweet. A set of similar kernel vulnerabilities were eventually harnessed by the Pangu Team at the
Tianfu hacking contest to break into an iPhone13 Pro running iOS 15, a feat that netted the white hat hackers $330,000 in cash rewards.
Besides CVE-2021-30955, a total of five Kernel and four
IOMobileFrameBuffer (a kernel extension for managing the screen
framebuffer) flaws have been remediated with the latest updates —
