Apple patched a zero-working day vulnerability in iOS 15..2 on Monday that enabled distant code execution with kernel privileges.
The iOS vulnerability, CVE-2021-30883, impacts kernel extension IOMobileFrameBuffer. Apple described the flaw in its security advisory as a memory corruption challenge and reported it “may well have been actively exploited.”
Apple reported in the advisory that the recently patched bug impacts “Apple iphone 6s and later on, iPad Pro (all versions), iPad Air 2 and later on, iPad fifth generation and later on, iPad mini 4 and later on, and iPod touch (seventh generation).” The publish reported that the organization has been given “a report” of exploitation but did not elaborate even further.
SearchSecurity requested Apple how prevalent the exploitation was, but a spokesperson declined to remark.
Cell security vendor ZecOps tweeted Tuesday that simply because the latest iOS vulnerability can be exploited from a browser, it is “best” for watering gap attacks.
Saar Amar, a researcher with the Microsoft Security Reaction Center (MSRC), revealed a technological weblog about the vulnerability on GitHub that presented an overview of the bug and, broadly talking, how it can be exploited. In the publish, he known as the vulnerability “great for jailbreaks” due to its accessibility by using App Sandbox and showcased a evidence of concept.
The origin of the zero-working day is not known, and Apple credited the find to an “anonymous researcher.”
CVE-2021-30883 marks the latest flaw in a string of Apple zero-working day vulnerabilities this yr. Additional than a dozen this sort of flaws have been exploited in the wild in 2021, various of which have impacted Apple’s WebKit browser engine.
In other vulnerability information, Apple has come below hearth in latest weeks for its bug bounty system, which scientists have criticized for conversation concerns and, in some scenarios, an alleged absence of acknowledgement. From this aggravation, a person researcher publicly produced three apparent zero-times previous month.
Alexander Culafi is a author, journalist and podcaster dependent in Boston.