[TheRecord] Apple patches iPhone zero-day in iOS 15.0.2

Apple has released a security update on Monday for iPhone users to address a vulnerability in the iOS operating system that has been exploited in the wild.

Tracked as CVE-2021-30883, the zero-day resides in IOMobileFramebuffer, a kernel extension that allows developers to control how a device’s memory handles the screen display—the screen framebuffer, to be more exact.

According to Apple, a malicious application may be able to execute arbitrary code with kernel privileges using this vulnerability. Gaining access to kernel privileges gives attackers full control over the iOS device.

Technical details about the vulnerability, or details about the attacks where the vulnerability has been used, are not available at the time of writing, as Apple usually likes to keep this information secret in order to prevent other threat actors from weaponizing the same bug before users had a chance to patch.

Today’s zero-day is eerily similar to another zero-day, CVE-2021-30807, which Apple patched in July.

Users are advised to update to the latest iOS 15.0.2 and iPad 15.0.2 to mitigate the issue.

Today’s CVE-2021-30883 represents the 17th zero-day that Apple has patched in its products this year.

CVEPatch dateDescriptionCVE-2021-1782February 1A zero-day impacting the macOS, iOS, iPadOS, watchOS, and tvOS kernels.CVE-2021-1870February 1WebKit zero-day impacting macOS, iOS, iPadOS, and watchOSCVE-2021-1871February 1WebKit zero-day impacting macOS, iOS, iPadOS, and watchOSCVE-2021-1879March 26WebKit bug impacting both old and new-gen iOS, iPadOS, and watchOSCVE-2021-30657April 26macOS Gatekeeper bypass abused by Shlayer malwareCVE-2021-30661April 26WebKit zero-day impacting old and new-gen iOS, iPadOS, watchOS, and tvOS.CVE-2021-30663May 3WebKit zero-day impacting macOS, iOS, iPadOS, and watchOSCVE-2021-30665May 3WebKit zero-day impacting macOS, iOS, iPadOS, and watchOSCVE-2021-30666May 3WebKit zero-day impacting macOS, iOS, iPadOS, and watchOSCVE-2021-30713May 24macOS TCC bypass abused by XCSSET malwareCVE-2021-30761June 14WebKit zero-day impacting old-gen iOS devicesCVE-2021-30762June 14WebKit zero-day impacting old-gen iOS devicesCVE-2021-30807July 26IOMobileFramebuffer zero-day impacting iOS, iPadOS, and macOSCVE-2021-30858September 13WebKit zero-day impacting macOS, iOS, iPadOS, and watchOSCVE-2021-30860September 13Zero-day in the CoreGraphics component impacting macOS, iOS, iPadOS, and watchOSCVE-2021-30869September 23XNU kernel component zero-day impacting iOS and macOSCVE-2021-30883October 11IOMobileFramebuffer zero-day impacting iOS and iPadOS

The post Apple patches iPhone zero-day in iOS 15.0.2 appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

Daily NCSC-FI news followup 2021-09-20

Alaska discloses sophisticated’ nation-state cyberattack on health service therecord.media/alaska-discloses-sophisticated-nation-state-cyberattack-on-health-service/ A nation-state cyber-espionage group has gained access to the IT network of the Alaska Department of Health and Social Service (DHSS), the agency said last week. While the DHSS made the incident public on May 18 and published two updates in June and August, the agency […]

Read More

[TheRecord] Scammers steal $2.3 million from small US town

The Town of Peterborough, New Hampshire, said it lost $2.3 million after scammers tricked town employees into sending large payments to the wrong accounts. Town officials said they first learned of the losses on July 26 after the ConVal School District said it did not receive its $1.2 million monthly transfer. An investigation into the […]

Read More

[NCSC-FI News] Cyberattacks Rage in Ukraine, Support Military Operations

At least five APTs are believed involved with attacks tied ground campaigns and designed to damage Ukraine’s digital infrastructure. Source: Read More (NCSC-FI daily news followup)

Read More