Trend Micro details CVE-2021-30724 privilege escalation flaw in macOS, iOS

Pierluigi Paganini June 04, 2021

Trend Micro disclosed technical details of a patched privilege escalation issue, tracked as CVE-2021-30724, that impacts macOS, iOS and iPadOS.

The flaw was reported to Apple by Trend Micro researcher Mickey Jin, and the IT giant addressed the issue on May 24 with the release of macOS 11.4, iOS 14.6, and iPadOS 14.6.

“We discovered a vulnerability in macOS rooted in the Core Virtual Machine Server (CVMServer). The vulnerability, labeled CVE-2021-30724, is triggered by an integer overflow leading to an out-of-bounds memory access, from which point privilege escalation can be attained.” reads the analysis published by Trend Micro. “It affects devices running older versions of macOS Big Sur 11.4, iOS 14.6, and iPadOS 14.6.”

The flaw exists in the Core Virtual Machine Server (CVMServer), an XPC service and system daemon that runs with root privileges to handle XPC requests. XPC is the framework Apple provides for low-level communication between processes; client processes send XPC request messages through an XPC-related API. The vulnerability resides in the XPC request message handler, and an attacker can trigger it with specially crafted requests.

Apple addressed the vulnerability with improved checks, adding a check that prevents the integer overflow.
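The bug class and the kind of check that closes it can be shown in a few lines of C. This is an added illustration, not CVMServer code or Apple's patch: the request layout, `TABLE_LEN` and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_LEN 64u /* constructed size of the server-side table */

/* Hypothetical request: read `count` bytes starting at `index`. */
struct request { uint32_t index; uint32_t count; };

/* Flawed check: index + count is 32-bit arithmetic and wraps silently,
 * so a huge index with a small count yields a small "end" that passes. */
static bool range_ok_unchecked(const struct request *r)
{
    return r->index + r->count <= TABLE_LEN;
}

/* Hardened check: never form the sum; compare against remaining space. */
static bool range_ok_checked(const struct request *r)
{
    return r->index <= TABLE_LEN && r->count <= TABLE_LEN - r->index;
}

/* Handler that validates before it touches memory.
 * Returns the number of bytes copied, or -1 if the request is rejected. */
static int handle_request(const struct request *r, const uint8_t *table,
                          uint8_t *out, size_t out_len)
{
    if (!range_ok_checked(r) || r->count > out_len)
        return -1;
    memcpy(out, table + r->index, r->count);
    return (int)r->count;
}

int main(void)
{
    struct request wrap = { 0xFFFFFFF0u, 0x20u }; /* constructed input */
    uint8_t table[TABLE_LEN] = { 0 }, out[32];

    printf("unchecked accepts wrapping request: %d\n", range_ok_unchecked(&wrap));
    printf("checked accepts wrapping request:   %d\n", range_ok_checked(&wrap));
    printf("handler result: %d\n", handle_request(&wrap, table, out, sizeof out));
    return 0;
}
```

The flawed check accepts the wrapping request because `0xFFFFFFF0 + 0x20` truncates to `0x10`; the hardened check rejects it before any memory is read.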

Trend Micro also released proof-of-concept (PoC) exploit code.

“The vulnerability is moderately difficult to trigger, but not impossible, as we had demonstrated here. If CVE-2021-30724 is left unpatched, an attacker can elevate his privileges by exploiting the vulnerability. Users should keep their devices up-to-date to receive the latest patches.” concludes Trend Micro.
