Apple rolled out a security update with the release of 15.0.2 on 11th Oct. In the security update, Apple fixed a memory corruption issue in iOS v15.0.1 and below versions tracking as CVE-2021-30883. Let’s see how you can fix CVE-2021-30883. With fixing this zero-day vulnerability, it made Apple fix 17 zero-days since the start of the year.
Table of Contents
What Is CVE-2021-30883?
According to the security researchers, this is the 2nd zero-day vulnerability found in the “IOMobileFrameBuffer” component. To be clear, this is a memory corruption issue in the “IOMobileFrameBuffer” that could allow adversaries to execute arbitrary code (ACE) with kernel privileges on the victim’s device. The report also says that the zero-day has been seen actively exploiting in the wild.
The iPhone maker didn’t release technical details about the CVE-2021-30883 vulnerability. If you are keen to know more about the vulnerability, Security researcher Saar Amar published a post with some technical specifics and Proof of Concept (POC).
What Is The Impact Of CVE-2021-30883?
POC says that “This attack surface is highly interesting because it’s accessible from the app sandbox (so it’s great for jailbreaks) and many other processes, making it a good candidate for LPEs exploits in chains (WebContent, etc.).” Attackers can abuse the vulnerability to execute arbitrary code with kernel privileges just by installing an application on the victim’s device.
Devices Affected With CVE-2021-30883:
This vulnerability affects all iPhones, iPads, and iPods running iOS v15.0.1 and below.
How To Fix CVE-2021-30883?
Apple fixed the CVE-2021-30883 vulnerability with improved memory handling in iOS 15.0.2 and iPadOS 15.0.2 and asked its users to update the iOS to the newest version (iOS 15.0.2 and iPadOS 15.0.2). You can visit the Apple Product Security page for more information about the security. With this, we recommend few best practices to follow to stay away from such zero-days.
- Run device memory cleanup over time using a trusted premium application.
- Keep your device up-to-date with regular on-time updates.
- Don’t keep unused apps.
- Install apps only from the App store.
We hope this post will help you in fixing CVE-2021-30883 with some simple best practices. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/270056.html