Apple’s iOS zero-day problems appear to be getting worse. Just weeks after shipping iOS 15 as a security-themed upgrade, Apple rushed out an urgent patch to address a software flaw being actively exploited in the wild.
The latest zero-day in an advisory and urged iOS and iPad users to upgrade to the newest iOS 15.0.2. This is the 72nd in-the-wild zero day attack documented so far in 2021.16 of the 72 exploited zero-days affect code in Apple’s products.The security defect (CVE-2021-30883) exists in IOMobile FrameBuffer, a kernel extension used to manage the screen frame buffer.
An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.Shortly after the release of iOS 15.0.2, a security researcher reverse-engineered the patch and published proof-of-concept code to demonstrate the severity of the issue.
The urgent point-update comes less than a month after the release of iOS 15 with a built-in two-factor authentication code generator and multiple anti-tracking security and privacy features.
The iOS 15 makeover also included patches for at least 22 documented security vulnerabilities, some serious enough to expose iPhone and iPad users to remote denial-of-service and local code execution attacks.
The built-in authenticator can generate verification codes needed for additional sign-in security. “If a site offers two-factor authentication, you can set up verification codes under Passwords in Settings — no need to download an additional app. Once set up, verification codes auto fill when you sign in to the site.”
Another notable feature is Mail Privacy Protection, a new feature that prevents email marketers from learning information about an iPhone user’s Mail activity.