Security News > 2021 > October > Apple fixes iOS zero-day exploited in the wild (CVE-2021-30883)

With the newest iOS and iPad updates, Apple has fixed another vulnerability that is being actively exploited by attackers.

The vulnerability may be exploited by an application to execute arbitrary code with kernel privileges, Apple explained.

As per usual, Apple did not share more details about the flaw or the attack(s) exploiting it, and the researcher who discovered it remains unnamed.

He confirmed that the POC works on iOS 15.0 and iOS 14.7.1 and says it will probably work on earlier versions of the OS. "Unlike the previous in-the-wild vulnerability in IOMFB/AppleCLCD, no special entitlements are required. You can just create an iOS app with my POC, run it on the device and trigger the bug," he added.

The released iOS and iPadOS updates that fix CVE-2021-30883 are available from iPhone 6s and later, all models of iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and the 7th generation of iPod touch.

We don't know the nature of the attacks exploiting the vulnerability, but users are advised to update their mobile iDevices to plug the hole as soon as possible.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/8WwrMDOUEk0/