4th December 2022

Zero-day Vulnerability for Apple iOS – CVE-2021-30883

Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix the zero-day vulnerability that is actively used in attacks targeting Phones and iPads. The vulnerability, tracked as CVE-2021-30883, is a critical memory corruption vulnerability in IOMobileFrameBuffer that allows an application to execute commands at the kernel level. Attackers can exploit this vulnerability to steal data or install more malware. While Apple does not provide any details on how this vulnerability was used in attacks, it states that there are reports of it being actively used in attacks.

Apple iOS
Apple iOS

 

Affected Systems

It affects older and newer models, including iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch.

Solution and CVE/CWE

It has released iOS 15.0.2 and iPadOS 15.0.2 to fix the zero-day vulnerability. While it is possible for the vulnerability to be used in targeted attacks and not widely used, due to its seriousness it is recommended to install the update as soon as possible. To update, click “Settings -> General -> Software Update“.

CVE/CWE: CVE-2021-30883

Software Update
Software Update

 

Note: A CVSS score of 3.1 (out of 10) of 7.0-8.9 is considered “high”, and 9.0-10.0 is considered a “critical” vulnerability.

Reference:

https://www.bleepingcomputer.com/

LEARN MORE  McAfee Endpoint Security Two Vulnerabilities and Solutions

Leave a Reply

Your email address will not be published. Required fields are marked *