Apple has released a security update for a zero-day vulnerability in iOS that allows a malicious person to run code with kernel privileges on an iPhone or iPad through an app. According to Apple, the vulnerability may already have been actively exploited.
It is located around a Memory corruption case The IOMobileFrameBuffer covers all iPhone 6s and above, all models of iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later and 7th generation iPod touch. Weakness made possible arbitrary code To run in an application, thus granting kernel privileges. Apple expects the vulnerability to be actively exploited. Apple calls to users Download iOS and iPadOS version 15.0.2, which contains the patch for the vulnerability, as soon as possible.
The vulnerability is registered under the CVE number CVE-2021-30883It was discovered by an anonymous security researcher. Apple has not yet released any details about the vulnerability. Fulgens The Hacker News It’s the seventeenth zero-day that Apple has tackled this year and the second time zero-day has targeted IOMobileFrameBuffer. A similar vulnerability, CVE-2021-30807, was fixed in July. In September, Apple invited users It can also be updated on operating systems due to the zero-day vulnerability associated with the Israeli company NSO Group.
In addition to the vulnerability, iOS 15.0.2 also addresses a number of minor bugs. For example, images saved from messages in the library can be deleted if the thread or associated message has been deleted. It has been addressed. Also, leather card holder with MagSafe for iPhone sometimes failed to connect to Find My, and Airtag sometimes didn’t show up in the “Objects” tab of Find My. The update also fixes an issue in CarPlay that sometimes prevented audio apps from opening or disconnecting while running. Finally, it fixes an issue affecting iPhone 13 models where a restore or update in Finder or iTunes might fail.
“Web maven. Infuriatingly humble beer geek. Bacon fanatic. Typical creator. Music expert.”