Apple patches 'actively exploited' iPhone zero-day with iOS 15.0.2 update
If you're using an iPhone, install the iOS 15.0.2 update immediately: Apple has warned that the latest OS upgrade patches an "actively exploited" zero-day.
Described as a "memory corruption issue" by Apple, the vuln is present within the IOMobileFrameBuffer kernel extension, used for managing display memory.
While Apple stuck to its customarily terse and detail-free description of the vuln on its patch notes page, the world has been heavily focused on an iPhone-specific malware strain - Pegasus, one of Israeli malware vendor NSO Group's flagship products.
Reverse engineer and exploit mitigator Saar Amar published a technical analysis and proof-of-concept exploit shortly after Apple pushed the update, noting that the exploitable function "is accessible directly from the app sandbox" by iOS apps, with no special user-account privileges required.
Precise details of how Pegasus infects iPhones aren't publicly available, though it is understood that the malware was previously known to be capable of spreading without user interaction - "no-click install" is the phrase preferred by NSO. Previous methods that may have been used include an exploit of a now-patched WhatsApp zero-day that allowed attackers to infect a mark by making booby-trapped WhatsApp calls to the victim's iPhone or Android handset - calls they didn't even have to answer.
Pegasus malware is sold to nation states for surveillance purposes and can harvest user data and log information from a host of commonly used apps.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/10/12/apple_ios_15_0_2_zero_day_patched/