Summary

On Monday 11th October 2021, Apple released security updates to fix a zero-day vulnerability which is been exploited in the wild targeting iPhone and iPad. This vulnerability is a critical memory corruption bug in the IOMobileFrameBuffer tracked as CVE-2021-30883. This allows an application to execute arbitrary code with kernel privileges on vulnerable devices.

“Apple is aware of a report that this issue may have been actively exploited.” Apple stated in the advisory they published. When the vulnerability was published security researcher Saar Amar shared a proof-of-concept (PoC) exploit “This attack surface is highly interesting because it’s accessible from the app sandbox (so it’s great for jailbreaks) and many other processes, making it a good candidate for LPEs exploits in chains (WebContent, etc.).” stated Saar Amar in his article.

This is the 17^th zero-day flaw apple has address in 2021 and 2^nd zero-day IOMobileFrameBuffer vulnerability. The impacted devices are iPhone 6s and latest, iPad Pro (all models), iPad Air 2 and latest, iPad 5th generation and latest, iPad mini 4 and latest, and iPod touch (7th generation).

Impact

• Allows an application to execute arbitrary code with kernel privileges on vulnerable devices. This can be used to steal data.

Remediate

• Update to the latest version iOS 15.0.2 and iPadOS 15.0.2

References

• https://support.apple.com/en-us/HT212846
• https://thehackernews.com/2021/10/apple-releases-urgent-iphone-and-ipad.html
• https://www.bleepingcomputer.com/news/security/emergency-apple-ios-1502-update-fixes-zero-day-used-in-attacks/