Apple has released an emergency patch for iOS and iPadOS that fixes a dangerous 0-day vulnerability in mobile operating systems. The vulnerability, identified as CVE-2021-30883, was patched in iOS 15.0.2 and iPadOS 15.0.2.
It is reported that the new bug is already being abused by hackers, and it allows applications to execute commands with kernel privileges, that is, to take full control of the vulnerable device. The point is that kernel privileges allow an application to execute arbitrary commands on a device, and attackers can use this circumstance to steal data or install additional malware.
It is known that the root of the problem lies in the work of the IOMobileFramebuffer, but so far there are no technical details about the vulnerability itself, or about the attacks in which it was used. Apple, as usual, keeps this information secret to prevent other attackers from exploiting this bug, giving users time to install patches. However, cybersecurity researcher Saar Amar has already reversed the patch and published a description and PoC exploits for this bug on GitHub.
The list of affected devices is quite extensive and includes iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Catch up on more stories here
Follow us on Facebook here