Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability that is being actively exploited in attacks targeting iPhones and iPads. The vulnerability, tracked as CVE-2021-30883, is a critical memory corruption vulnerability in IOMobileFrameBuffer that allows an application to execute arbitrary code with kernel privileges. Attackers can exploit this vulnerability to steal data or install more malware. Apple does not provide any details on how the vulnerability was used, but it states that it is aware of reports of active exploitation.
The vulnerability affects older and newer models, including iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch.
Solution and CVE/CWE
Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix the zero-day vulnerability. Although the vulnerability may have been used only in targeted attacks rather than widely, its seriousness means the update should be installed as soon as possible. To update, go to “Settings -> General -> Software Update”.
Note: Under CVSS 3.1, a score (out of 10) of 7.0-8.9 is considered “high”, and 9.0-10.0 is considered “critical”.