Security News > 2021 > October > Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug

Apple on Monday rushed out a security update for iOS 15.0.2 and iPadOS 15.0.2 to fix a remote code-execution zero-day vulnerability that's being actively exploited.

Within hours, a security researcher had picked the bug apart and published both proof-of-concept code and an explanation of the vulnerability, meaning that now's a really good time to update your iOS device.

A week and a half ago, Apple released iOS 15.0.1 to fix a slew of performance glitches, but iOS 15.0.2 is the first security update for the new OS. Monday's patch addresses a memory-corruption zero day - tracked as CVE-2021-30883 - in IOMobileFrameBuffer, which is a kernel extension that acts as a screen framebuffer, allowing developers to control how the memory in a device uses the screen display.

Shortly after the patch was released, a security researcher named Saar Amar published both a technical explanation and proof-of-concept exploit code.

Monday's update, iOS 15.0.2, is available for iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch.

The fix comes just weeks after Apple's September release of iOS 15, replete with its much-ballyhooed new security defenses.

News URL

https://threatpost.com/apple-urgent-ios-updates-zero-day/175419/