The CVE-2021-30883 Vulnerability
Apple has issued a security update for iOS and iPad that addresses the CVE-2021-30883 vulnerability that has been reported to be exploited in the wild.
Identified as CVE-2021-30883, the flaw concerns the “IOMobileFrameBuffer” component and may allow an attacker to execute arbitrary code with kernel privileges.
In accordance with their security policy, and their customers’ protection policy, Apple has not disclosed or discussed details about the reported security issue and has given time for the available patch to be applied.
Therefore, there are still no technical details revealed regarding the vulnerability or the nature of the attacks. There is also no information about the threat actor that has been targeting it. The company believes that this allows the majority of users to get the latest updates and prevent malicious actors from weaponizing the vulnerability at a large scale. Apple claims to have fixed the problem with better memory handling. The researcher who has reported the vulnerability remains anonymous.
According to the information that has been revealed, this attack surface is particularly intriguing since it’s accessible from the app sandbox, making it excellent for jailbreaks, and a perfect target for LPEs exploit attacks in chains.
In their security update from Monday, the tech giant claims that it is aware of a report that the reported flaw has been actively exploited.
In July this year, Apple has provided a fix for a similar, anonymously reported memory corruption problem (CVE-2021-30807) related to the IOMobileFrameBuffer component, therefore, security researchers are suspecting that it’s possible that CVE-2021-30883 is linked to that vulnerability.
With the latest security update included, the iPhone maker has fixed 17 zero-day vulnerabilities since the start of 2021. Updating to the newest versions of iOS and iPad (iOS 15.0.2 and iPad 15.0.2) is strongly advised for iPhone and iPad users who want to minimize the security risks that may arise and protect their smart devices from attacks.