By security practitioners, for security practitioners innovate | novacoast federal | novaSOC | novacoast
By security practitioners, for security practitioners

Apple Releases Updates to Actively Exploited iOS and iPadOS Vulnerability

The vulnerability allows for arbitrary code execution at kernel level permissions and appears to be actively leveraged by threat actors. A software update should be performed ASAP.

Background

Apple has released an emergency update to iOS and iPadOS, impacting iPhones and iPads. It patches a severe memory corruption vulnerability, CVE-2021-30883.

It is essential that iPhones and iPads be updated ASAP, as Apple warns they have evidence of active exploitation in the wild.

Vulnerability details

The update patches CVE-2021-30883, which is a memory corruption vulnerability within IOMobileFrameBuffer that can allow an application to execute arbitrary code with kernel level permissions.

The kernel is the underlying core program that supports the higher level operating system you use on a day-to-day basis. With the kernel being the mechanism that defines file system permissions, it is more permissive and powerful than that of a normal administrative account as it can circumvent the permissions layer entirely.

While Apple is notoriously tight-lipped about details of their security vulnerabilities, Bleeping Computer mentions that a Proof of Concept (PoC) exploit has been made available by security researchers who reverse engineered the patch.

Mitigations

The Apple advisory states that the following devices are impacted:

  • iPhone 6s and later
  • iPad Pro (all models)
  • iPad Air 2 and later
  • iPad 5th generation and later
  • iPad mini 4 and later
  • iPod touch (7th generation)

 
It’s recommended you update potentially impacted devices to iOS 15.0.2 or iPadOS 15.0.2.
 

Resources

Official Apple Security Advisory
https://support.apple.com/en-us/HT212846

Bleeping Computer Article https://www.bleepingcomputer.com/news/security/emergency-apple-ios-1502-update-fixes-zero-day-used-in-attacks/

NVD entry
https://nvd.nist.gov/vuln/detail/CVE-2021-30883

Previous Post

Apache Patches Actively Exploited Directory Traversal Flaw In Popular HTTP Server

Next Post

October Patch Tuesday Updates More Than 40 Microsoft Products and Technologies