The vulnerability allows for arbitrary code execution at kernel level permissions and appears to be actively leveraged by threat actors. A software update should be performed ASAP.
Background
Apple has released an emergency update to iOS and iPadOS, impacting iPhones and iPads. It patches a severe memory corruption vulnerability, CVE-2021-30883.
It is essential that iPhones and iPads be updated ASAP, as Apple warns they have evidence of active exploitation in the wild.
Vulnerability details
The update patches CVE-2021-30883, which is a memory corruption vulnerability within IOMobileFrameBuffer that can allow an application to execute arbitrary code with kernel level permissions.
The kernel is the underlying core program that supports the higher level operating system you use on a day-to-day basis. With the kernel being the mechanism that defines file system permissions, it is more permissive and powerful than that of a normal administrative account as it can circumvent the permissions layer entirely.
While Apple is notoriously tight-lipped about details of their security vulnerabilities, Bleeping Computer mentions that a Proof of Concept (PoC) exploit has been made available by security researchers who reverse engineered the patch.
Mitigations
The Apple advisory states that the following devices are impacted:
- iPhone 6s and later
- iPad Pro (all models)
- iPad Air 2 and later
- iPad 5th generation and later
- iPad mini 4 and later
- iPod touch (7th generation)
It’s recommended you update potentially impacted devices to iOS 15.0.2 or iPadOS 15.0.2.
Resources
Official Apple Security Advisory
https://support.apple.com/en-us/HT212846
Bleeping Computer Article https://www.bleepingcomputer.com/news/security/emergency-apple-ios-1502-update-fixes-zero-day-used-in-attacks/
