Apple has released iOS 15.0.2 and iPadOS 15.0.2 to address a zero-day flaw actively abused in attacks against iPhones and iPads.
The vulnerability, tracked as CVE-2021-30883, is a serious memory corruption problem in IOMobileFrameBuffer that allows an application to run commands with kernel privileges on affected devices.
Since kernel privileges enable the program to execute any command on the system, threat actors might exploit it to steal information or install other malware.
Apple has not revealed how this vulnerability was used in attacks, but the company says in its security advisory that it is aware of a report that the flaw may have been actively exploited.
“Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited,” the alert says.
According to the security update, the vulnerability had been reported to Apple by an anonymous researcher.
Apple intentionally leaves vulnerability reports vague to ensure that the update is installed on as many devices as possible before other threat actors figure out the specifics or reverse engineer the fix to develop their own exploits.
However, shortly after the update was released, security researcher Saar Amar published a technical paper and proof-of-concept exploit based on reverse-engineering the patch.
The list of devices affected is pretty long. It includes the iPhone 6s and later, iPad mini 4 and later, iPad Pro (all models), iPad 5th generation and later, iPad Air 2 and later, and iPod touch (7th generation).
Although it is conceivable that the vulnerability is exploited only in targeted attacks and not generally used, its severity means it is strongly recommended to install the update as soon as feasible.