Apple just fixed a zero-day flaw for iPhones and iPads – update now

Use an iPhone or iPad? Then you need to update your device right now. There is a new zero-day vulnerability affecting iPhones and iPads, and Apple just released an update to fix the issue and protect your devices.

Although Apple has not released any details on how the vulnerability was exploited in attacks, it can be used to steal data or install malware. So if your device asks you to update to iOS 15.0.2 or iPadOS 15.0.2, please do so right away.

Vulnerability CVE-2021-30883 is a critical memory corruption bug in the IOMobileFrameBuffer, and essentially allows applications to run commands on all vulnerable devices with kernel privileges.

Since kernel privileges allow any command to be executed on a device, this opens the door for bad actors to do a lot of nasty things which include, but not limited to, stealing data from your device. your device or installing some form of malware.

According to Apple, this vulnerability may have been actively exploited in attacks, although it did not provide any details of how. It’s a deliberate tactic that makes it much more difficult for others who have never been able to figure out the feat or reverse engineer the patch for their own benefit. Apple has confirmed, however, that the memory corruption issue has been resolved with better memory management.

Of course, like Beeping computer points out, that didn’t stop the security researcher Saar Amar reverse-engineering the patch to figure out what was going on. If you’re interested in all of the technical details of the exploit, be sure to check this out. After updating your device, that is.

Affected devices include all iPad Pro, 7th generation iPod Touch, iPhone 6S and all later models up to and including the new iPhone 13 line, iPad Air 2 and later models, the iPad mini 4 and later as well as the 5th generation iPad and all subsequent iPads. This includes a lot of devices, sometimes dating back to 2014 in some cases.

It’s not clear whether the exploit is widely used or involved specific targeted attacks, but it’s not worth finding out firsthand. Go to the settings menu and install these software updates immediately, provided your device has not already instructed you to do so.

Leave a Comment

Trending this Week