Apple Patches iOS 15 to Address Zero-Day Vulnerability
Less than a month after the release of Apple's mobile operating system, iOS 15 has been patched to version 15.0.2 to address a newly discovered vulnerability affecting the platform.
The vulnerability is tracked as CVE-2021-30883 and has a high risk rating. It is a privilege escalation flaw that allows external actors to execute potentially malicious code with kernel privileges.
The official description provided by Apple states that "an application may be able to execute arbitrary code with kernel privileges".
The patch is live and all Apple mobile device users are encouraged to update to 15.0.2 as soon as possible, as the vulnerability is reported to be already actively exploited in the wild.
The vulnerability affected an iOS kernel extension named IOMobileFrameBuffer that is customarily used to handle the screen frame buffer. SecurityWeek reported that so far in 2021, this is the sixteenth zero-day discovered in Apple products that is actively exploited, out of a total of 76 attacks abusing vulnerabilities in the wild.
Somewhat ironically, the security patch follows very shortly after the major version release of Apple's operating system, with version 15 being very focused on expanding and updating security features.
Flagship features of the big update were the built-in multi-factor authentication code generator and the expanded features aiming to limit user behavior tracking. The code generator effectively eliminated the need for Apple device users to download third-party applications to handle MFA and automated the process of feeding the multi-factor authentication codes into the environment that requires them.
Another feature introduced in the 15.0 update is what Apple calls Mail Privacy Protection. This new functionality should stop email marketers from gleaning information about what the end-user does in their Mail app, effectively limiting targeted advertising and minimizing data collection.