Are you an iPhone or iPad user? Then you should update your device now. A new zero-day vulnerability affects iPhones and iPads, and Apple has just released an update that fixes the issue and keeps your device secure.
Apple has not released details on how this vulnerability could be exploited in an attack, but it could be used to steal data or install malware. Therefore, if your device asks you to update to iOS 15.0.2 or iPadOS 15.0.2, do so immediately.
The CVE-2021-30883 vulnerability is a critical memory corruption bug in IOMobileFrameBuffer that essentially allows apps to execute commands on vulnerable devices with kernel privileges.
Kernel privileges allow any command to be executed on the device, so malicious actors could steal data from the device or install malware.
According to Apple, this vulnerability may have been actively exploited in attacks, but details on how have not been disclosed. This is a deliberate tactic that makes it more difficult for other attackers to figure out the exploit or reverse engineer the patch for their own benefit. However, Apple has confirmed that improvements in memory handling have fixed the memory corruption problem.
Of course, as Bleeping Computer points out, that didn't stop security researcher Saar Amar from reverse engineering the patch to figure out what's going on. If you are interested in the technical details of the exploit, we encourage you to read that article. Once the device has been updated, that is.
Affected devices include all iPad Pro models, the 7th generation iPod Touch, the iPhone 6S and all subsequent models up to the new iPhone 13 series, the iPad Air 2 and later models, the iPad mini 4 and later models, and the 5th generation iPad and all succeeding iPads. This covers a very large number of devices, in some cases dating back to 2014.
It is unclear whether this exploit is widely used or is involved in specific targeted attacks, but it is not worth finding out first-hand. Go into the Settings menu and install the software update immediately.