Security News > 2021 > October > Apple fixes iOS zero-day exploited in the wild (CVE-2021-30883)
With the newest iOS and iPad updates, Apple has fixed another vulnerability that is being actively exploited by attackers.
The vulnerability may be exploited by an application to execute arbitrary code with kernel privileges, Apple explained.
As per usual, Apple did not share more details about the flaw or the attack(s) exploiting it, and the researcher who discovered it remains unnamed.
He confirmed that the POC works on iOS 15.0 and iOS 14.7.1 and says it will probably work on earlier versions of the OS. "Unlike the previous in-the-wild vulnerability in IOMFB/AppleCLCD, no special entitlements are required. You can just create an iOS app with my POC, run it on the device and trigger the bug," he added.
The released iOS and iPadOS updates that fix CVE-2021-30883 are available from iPhone 6s and later, all models of iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and the 7th generation of iPod touch.
We don't know the nature of the attacks exploiting the vulnerability, but users are advised to update their mobile iDevices to plug the hole as soon as possible.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/8WwrMDOUEk0/
Related news
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296) (source)
- Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (source)
- Apple's trademark tight lips extend to new iPhone, iPad zero-days (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-24 | CVE-2021-30883 | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 7.8 |