iOS 15.0.2 fixes a Vulnerability being Exploited in the Wild

Overview

Apple has released an update for iOS to address a vulnerability that is being exploited in the wild.

The bug (CVE-2021-30883) is a memory corruption issue in IOMobileFrameBuffer.

Researchers have analysed the patch and released proof of concept code to exploit the vulnerability.

Impact

An application may be able to execute arbitrary code with kernel privileges.

Vulnerability Detection

To check which version of iOS is currently installed, go to
`Settings > General > About`

Affected Products

  • iPhone 6s and later
  • iPad Pro (all models)
  • iPad Air 2 and later
  • iPad 5th generation and later
  • iPad mini 4 and later
  • iPod touch (7th generation)

Containment, Mitigations & Remediations

Devices should be updated as soon as possible.

To update iOS, go to
`Settings > General > Software Update`
This should either say “iOS is up to date” or give you the option to update.

Indicators of Compromise

None given.

MITRE Methodologies

T1404 – Exploit OS Vulnerability

Further Information

About the security content of iOS 15.0.2 and iPadOS 15.0.2

Bindiff and POC for the IOMFB vulnerability, iOS 15.0.2