Using an iPhone or iPad? Then you should update your device right now. There’s a new zero-day vulnerability affecting iPhones and iPads, and Apple has just released an update to fix the issue and keep your devices safe.
While Apple hasn’t released any details of how the vulnerability was being exploited in attacks, it can be used to steal data or install malware. So if your device asks you to update to iOS 15.0.2 or iPadOS 15.0.2, do it right away.
- iPhone 13 review: The best iPhone for most people
- iOS 15 review: A better iPhone experience
- Plus: Sit up straight! The next AirPods could monitor your posture
The CVE-2021-30883 vulnerability is a critical memory corruption bug inside the IOMobileFrameBuffer, and essentially allows apps to execute commands on any vulnerable devices with kernel privileges.
Since kernel privileges allow any command to be executed on a device, it opens the door for bad actors to do a whole lot of nasty stuff that includes, but isn’t limited to, stealing data from your device, or installing some form of malware.
According to Apple (opens in new tab), this vulnerability may have been actively exploited in attacks, though it hasn’t provided any details about how. That’s a deliberate tactic which makes it much harder for other ne’er-do-wells to figure out the exploit or reverse-engineer the patch for their own gain. Apple has confirmed that the memory corruption issue has been fixed thanks to improved memory handling, however.
Of course, as Bleeping Computer (opens in new tab) points out, that hasn’t stopped security researcher Saar Amar (opens in new tab) from reverse-engineering the patch to figure out what was going on. If you’re interested in all the technical details of the exploit, be sure to check that out. After you’ve updated your device, that is.
Affected devices include all iPad Pros, the 7th generation iPod Touch, iPhone 6S and all later models up to and including the new iPhone 13 range, iPad Air 2 and later models, iPad mini 4 and later as well as the 5th generation iPad and all iPads that succeeded it. That includes an awful lot of devices, going as far back as 2014 in some instances.
It’s not clear whether the exploit is being widely used or has involved specific targeted attacks, but it’s not worth finding out first hand. Head into the settings menu and get those software updates installed right away, provided your device hasn’t already prompted you to do so.
- More: iOS 15 hidden features: 11 changes that make your iPhone better