Apple fixes iOS zero-day exploited in the wild (CVE-2021-30883)
With the newest iOS and iPadOS updates, Apple has fixed another vulnerability that is being actively exploited by attackers.
The vulnerability may be exploited by an application to execute arbitrary code with kernel privileges, Apple explained.
As per usual, Apple did not share more details about the flaw or the attack(s) exploiting it, and the researcher who discovered it remains unnamed.
He confirmed that the POC works on iOS 15.0 and iOS 14.7.1 and says it will probably work on earlier versions of the OS. "Unlike the previous in-the-wild vulnerability in IOMFB/AppleCLCD, no special entitlements are required. You can just create an iOS app with my POC, run it on the device and trigger the bug," he added.
The released iOS and iPadOS updates that fix CVE-2021-30883 are available for iPhone 6s and later, all models of iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and the 7th generation of iPod touch.
We don't know the nature of the attacks exploiting the vulnerability, but users are advised to update their mobile iDevices to plug the hole as soon as possible.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/8WwrMDOUEk0/
Related news
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-24 | CVE-2021-30883 | Out-of-bounds Write vulnerability in Apple products. A memory corruption issue was addressed with improved memory handling. | 7.8 |