Apple has released a security update on Monday for iPhone users to address a vulnerability in the iOS operating system that has been exploited in the wild.
Tracked as CVE-2021-30883, the zero-day resides in IOMobileFramebuffer, a kernel extension that allows developers to control how a device’s memory handles the screen display—the screen framebuffer, to be more exact.
According to Apple, a malicious application may be able to execute arbitrary code with kernel privileges using this vulnerability. Gaining access to kernel privileges gives attackers full control over the iOS device.
Technical details about the vulnerability, or details about the attacks where the vulnerability has been used, are not available at the time of writing, as Apple usually likes to keep this information secret in order to prevent other threat actors from weaponizing the same bug before users had a chance to patch.
Today’s zero-day is eerily similar to another zero-day, CVE-2021-30807, which Apple patched in July.
Users are advised to update to the latest iOS 15.0.2 and iPad 15.0.2 to mitigate the issue.
Today’s CVE-2021-30883 represents the 17th zero-day that Apple has patched in its products this year.
| CVE | Patch date | Description |
|---|---|---|
| CVE-2021-1782 | February 1 | A zero-day impacting the macOS, iOS, iPadOS, watchOS, and tvOS kernels. |
| CVE-2021-1870 | February 1 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-1871 | February 1 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-1879 | March 26 | WebKit bug impacting both old and new-gen iOS, iPadOS, and watchOS |
| CVE-2021-30657 | April 26 | macOS Gatekeeper bypass abused by Shlayer malware |
| CVE-2021-30661 | April 26 | WebKit zero-day impacting old and new-gen iOS, iPadOS, watchOS, and tvOS. |
| CVE-2021-30663 | May 3 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-30665 | May 3 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-30666 | May 3 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-30713 | May 24 | macOS TCC bypass abused by XCSSET malware |
| CVE-2021-30761 | June 14 | WebKit zero-day impacting old-gen iOS devices |
| CVE-2021-30762 | June 14 | WebKit zero-day impacting old-gen iOS devices |
| CVE-2021-30807 | July 26 | IOMobileFramebuffer zero-day impacting iOS, iPadOS, and macOS |
| CVE-2021-30858 | September 13 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-30860 | September 13 | Zero-day in the CoreGraphics component impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-30869 | September 23 | XNU kernel component zero-day impacting iOS and macOS |
| CVE-2021-30883 | October 11 | IOMobileFramebuffer zero-day impacting iOS and iPadOS |
The post Apple patches iPhone zero-day in iOS 15.0.2 appeared first on The Record by Recorded Future.
Article Link: Apple patches iPhone zero-day in iOS 15.0.2 - The Record by Recorded Future