Security News > 2021 > October > Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug

Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug
2021-10-12 15:17

Apple on Monday rushed out a security update for iOS 15.0.2 and iPadOS 15.0.2 to fix a remote code-execution zero-day vulnerability that's being actively exploited.

Within hours, a security researcher had picked the bug apart and published both proof-of-concept code and an explanation of the vulnerability, meaning that now's a really good time to update your iOS device.

A week and a half ago, Apple released iOS 15.0.1 to fix a slew of performance glitches, but iOS 15.0.2 is the first security update for the new OS. Monday's patch addresses a memory-corruption zero day - tracked as CVE-2021-30883 - in IOMobileFrameBuffer, which is a kernel extension that acts as a screen framebuffer, allowing developers to control how the memory in a device uses the screen display.

Shortly after the patch was released, a security researcher named Saar Amar published both a technical explanation and proof-of-concept exploit code.

Monday's update, iOS 15.0.2, is available for iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch.

The fix comes just weeks after Apple's September release of iOS 15, replete with its much-ballyhooed new security defenses.


News URL

https://threatpost.com/apple-urgent-ios-updates-zero-day/175419/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-08-24 CVE-2021-30883 Out-of-bounds Write vulnerability in Apple products
A memory corruption issue was addressed with improved memory handling.
local
low complexity
apple CWE-787
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 138 568 4105 1576 2442 8691