Within hours, a security researcher had picked the bug apart and published both proof-of-concept code and an explanation of the vulnerability, meaning that now’s a really good time to update your iOS device.
A week and a half ago, Apple released iOS 15.0.1 to fix a slew of performance glitches, but iOS 15.0.2 is the first security update for the new OS.
Monday’s patch addresses a memory-corruption zero day – tracked as cve-2021-30883 – in IOMobileFrameBuffer, which is a kernel extension that acts as a screen framebuffer, allowing developers to control how the memory in a device uses the screen display.
“An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited,” the company said.
Attackers who get access to kernel privileges gain