Apple Patches Actively Exploited Zero-Day in iOS 15

Apple incremented the version number of its mobile iOS to 15.0 just a few short weeks ago. Now the company has released a second patch, bringing the version number to 15.0.2 and fixing a vulnerability in the code that has reportedly already been exploited in the wild.

The zero-day is recorded under the CVE-2021-30883 handle and affects a kernel extension called IOMobileFrameBuffer. The extension is normally used to work with the screen frame buffer on mobile devices. However, the zero-day allowed bad actors to execute custom code with elevated kernel privileges, making it a significant danger.

As always, all Apple device users are urged to update to the latest version to avoid any potential risks of attack using the known exploit. Apple acknowledged the fact that the vulnerability has already been reported as being actively exploited in the wild and described the specifics with a short bit in the official update advisory, explaining that "application may be able to execute arbitrary code with kernel privileges".

A security researcher named Saar Amar has published a detailed technical examination of the bug allowing elevated privilege code execution. The research was conducted after Amar reverse-engineered the latest Apple patch and set up a proof of concept to trigger the bug.

Apple's iOS 15.0 release was focused on security and privacy improvements, introducing a couple of big new features to the operating system. The first of those was what Apple named Mail Privacy Protection. The technology is intended to elevate the level of privacy users have in their Mail inboxes and to limit the information exposure to email marketing platforms. This should lead to improved privacy and less targeted advertising landing in your inbox.

The other big feature was the introduction of a native iOS multi-factor authentication app, which eliminates the need to download and install third-party apps when a site or service requires MFA. The integration means that users will never need to fiddle with MFA codes as the integrated Apple application will take care of entering them automatically once it has been set up properly.