Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug

The bug is under active exploitation. Within hours of the release, a researcher published POC code, calling it a “great” bug that can be used for jailbreaks and local privilege escalation.

Apple on Monday rushed out a security update for iOS 15.0.2 and iPadOS 15.0.2 to fix a remote code-execution zero-day vulnerability that’s being actively exploited.

Within hours, a security researcher had picked the bug apart and published both proof-of-concept code and an explanation of the vulnerability, meaning that now’s a really good time to update your iOS device.

A week and a half ago, Apple released iOS 15.0.1 to fix a slew of performance glitches, but iOS 15.0.2 is the first security update for the new OS.

Monday’s patch addresses a memory-corruption zero day – tracked as CVE-2021-30883 – in IOMobileFrameBuffer, which is a kernel extension that acts as a screen framebuffer, allowing developers to control how the memory in a device uses the screen display.

“An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited,” the company said.

Attackers who get access to kernel privileges gain

Read More: https://threatpost.com/apple-urgent-ios-updates-zero-day/175419/