Apple patches iPhone zero-day in iOS 15.0.2

Apple released a security update on Monday for iPhone users to address a vulnerability in the iOS operating system that has been exploited in the wild.

Tracked as CVE-2021-30883, the zero-day resides in IOMobileFramebuffer, a kernel extension that allows developers to control how a device’s memory handles the screen display—the screen framebuffer, to be more exact.

According to Apple, a malicious application may be able to execute arbitrary code with kernel privileges using this vulnerability. Gaining access to kernel privileges gives attackers full control over the iOS device.

Technical details about the vulnerability, or details about the attacks where the vulnerability has been used, are not available at the time of writing, as Apple usually likes to keep this information secret in order to prevent other threat actors from weaponizing the same bug before users have had a chance to patch.

Nonetheless, a security researcher published both a technical explanation and proof-of-concept code to exploit the bug on their blog shortly after the patch was released.

Today’s zero-day is also eerily similar to another zero-day, CVE-2021-30807, which Apple patched in July.

Users are advised to update to the latest iOS 15.0.2 and iPadOS 15.0.2 to mitigate the issue.

Today’s CVE-2021-30883 represents the 17th zero-day that Apple has patched in its products this year.

| CVE | Patch date | Description |
|---|---|---|
| CVE-2021-1782 | February 1 | A zero-day impacting the macOS, iOS, iPadOS, watchOS, and tvOS kernels |
| CVE-2021-1870 | February 1 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-1871 | February 1 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-1879 | March 26 | WebKit bug impacting both old and new-gen iOS, iPadOS, and watchOS |
| CVE-2021-30657 | April 26 | macOS Gatekeeper bypass abused by Shlayer malware |
| CVE-2021-30661 | April 26 | WebKit zero-day impacting old and new-gen iOS, iPadOS, watchOS, and tvOS |
| CVE-2021-30663 | May 3 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-30665 | May 3 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-30666 | May 3 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-30713 | May 24 | macOS TCC bypass abused by XCSSET malware |
| CVE-2021-30761 | June 14 | WebKit zero-day impacting old-gen iOS devices |
| CVE-2021-30762 | June 14 | WebKit zero-day impacting old-gen iOS devices |
| CVE-2021-30807 | July 26 | IOMobileFramebuffer zero-day impacting iOS, iPadOS, and macOS |
| CVE-2021-30858 | September 13 | WebKit zero-day impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-30860 | September 13 | Zero-day in the CoreGraphics component impacting macOS, iOS, iPadOS, and watchOS |
| CVE-2021-30869 | September 23 | XNU kernel component zero-day impacting iOS and macOS |
| CVE-2021-30883 | October 11 | IOMobileFramebuffer zero-day impacting iOS and iPadOS |

Article updated to add link to blog post containing PoC exploit.

Catalin Cimpanu
