Apple closes zero-day gap in iOS 15 [13.10.21]
Apple released a second update for iOS 15 and iPadOS 15 on 11/10/2021 to fix a zero-day vulnerability (CVE-2021-30883). The vulnerability is a memory corruption in the IOMobileFrameBuffer component - a kernel extension to manage the screen buffer - that could be exploited to execute arbitrary code with kernel privileges.
iOS 15.0.2 and iPadOS 15.0.2 are supposed to fix the bug through better memory handling. Apple reportedly has information indicating that the zero-day vulnerability is already being actively exploited in IPhones and IPads, but did not provide more specific details. A security researcher has already described a proof-of-concept based on the published patch.
You can find further information e. g. at
- https://support.apple.com/en-us/HT212846
- https://www.heise.de/news/iOS-15-0-2-und-watchOS-8-0-1-Viele-Bugfixes-und-wieder-ein-Exploit-im-Umlauf-6214563.html?wt_mc=rss.red.ho.ho.atom.beitrag.beitrag
If you have any questions, please contact kim-it@uni-hohenheim.de.
Do you have questions or comments about this site? contact form