Skip to main content

Apple just fixed zero-day iPhone flaw with iOS 15.0.2 — update now

iphone 13 from the back
(Image credit: Tom's Guide)

Using an iPhone or iPad? Then you should update your device right now. There’s a new zero-day vulnerability affecting iPhones and iPads, and Apple has just released an update to fix the issue and keep your devices safe.

While Apple hasn’t released any details of how the vulnerability was being exploited in attacks, it can be used to steal data or install malware. So if your device asks you to update to iOS 15.0.2 or iPadOS 15.0.2, do it right away.

The CVE-2021-30883 vulnerability is a critical memory corruption bug inside the IOMobileFrameBuffer, and essentially allows apps to execute commands on any vulnerable devices with kernel privileges. 

Since kernel privileges allow any command to be executed on a device, it opens the door for bad actors to do a whole lot of nasty stuff that includes, but isn’t limited to, stealing data from your device, or installing some form of malware.

According to Apple, this vulnerability may have been actively exploited in attacks, though it hasn’t provided any details about how. That’s a deliberate tactic which makes it much harder for other ne’er-do-wells to figure out the exploit or reverse-engineer the patch for their own gain. Apple has confirmed that the memory corruption issue has been fixed thanks to improved memory handling, however.

Of course, as Bleeping Computer points out, that hasn’t stopped security researcher Saar Amar from reverse-engineering the patch to figure out what was going on. If you’re interested in all the technical details of the exploit, be sure to check that out. After you’ve updated your device, that is.

Affected devices include all iPad Pros, the 7th generation iPod Touch, iPhone 6S and all later models up to and including the new iPhone 13 range, iPad Air 2 and later models, iPad mini 4 and later as well as the 5th generation iPad and all iPads that succeeded it. That includes an awful lot of devices, going as far back as 2014 in some instances.

It’s not clear whether the exploit is being widely used or has involved specific targeted attacks, but it’s not worth finding out first hand. Head into the settings menu and get those software updates installed right away, provided your device hasn’t already prompted you to do so.

Tom Pritchard

Tom is the Tom's Guide's Automotive Editor, which means he can usually be found knee deep in stats the latest and best electric cars, or checking out some sort of driving gadget. It's long way from his days as editor of Gizmodo UK, when pretty much everything was on the table. He’s usually found trying to squeeze another giant Lego set onto the shelf, draining very large cups of coffee, or complaining that Ikea won’t let him buy the stuff he really needs online.