Apple rushes out iOS 15.0.2 just hours after 15.0.1 to patch actively exploited zero-day...

Cal Jeffrey

Posts: 3,217   +883
Staff member
Facepalm: Apple's iOS 15 (and iPadOS 15 by nature) has been an extremely buggy release. In addition to several flaws that crippled iPhone 13s, the operating system has had at least two actively exploited zero-day vulnerabilities that Apple engineers had to patch quickly.

On Monday, Apple issued an urgent security fix for a zero-day flaw in iOS 15 and iPadOS 15 that hackers are actively exploiting. The patch came the same day it released iOS 15.0.1.

The bug (CVE-2021-30883) causes a memory-corruption error in the IOMobileFrameBuffer, a kernel function that allows developers to allocate how their apps use system memory to control the display.

"An application may be able to execute arbitrary code with kernel privileges," read Apple's patch notes. "Apple is aware of a report that this issue may have been actively exploited."

The patch notes did not go into great detail about the bug. However, shortly after Apple released iOS and iPadOS 15.0.2, security researcher Saar Amar published a blog post explaining the exploit and created a proof-of-concept (POC) to show that it works "100 percent of the time." Amar said the flaw is "great for jailbreaks" because it is accessible from the app sandbox.

After examining the BinDiff (a tool that shows differences in disassembled binaries), Amar concluded that the flaw was not just good for granting kernel privileges but could also be used for LPE (local privilege escalation) exploits.

He tested his very simple (one page of code) POC on iOS versions 14.7.1 (physical iPhone X) and 15.0 (virtual iPhone 11 Pro) but said the bug is likely much older than that. He ran the code five times on each device, and the POC triggered a panic in every instance. Amar's code caused integer overflows in areas other than the IOMobileFrameBuffer, but the patch also seems to have corrected those.

"An interesting important note is that other implementations of these functions in other classes also had this integer overflow," Amar wrote. "As far as I can see, the patch fixed these as well."

Aside from the jailbreaking potential, this security flaw is similar to the nasty one (CVE-2021-30807) that Apple patched in July. Malicious attackers could use the bug to hijack the device completely (and apparently are). So it's best to install the patch as soon as possible.


Hardware Geek

Posts: 413   +469
Will be waiting for 15.2 before updating from 14.8. Never be a beta tester for a major new OS update cough windows 11 cough.
That's why when I install a major update or new version of an OS, I install it to a separate drive. You're always a beta tester with new software in an age when games "launch" with day one patches the size of the game.
 

merikafyeah

Posts: 268   +218
How do the hackers find these exploits within a couple HOURS of release? I'm guessing they're all in the iOS beta program.
It's not as if the entire iOS operating system is rewritten from the kernel for every major release. It's entirely possible for bugs discovered for previous versions of iOS to be slightly tweaked to work for more recent versions. Future patches and updates could also have regressions which might re-expose previously patched vulnerabilities. Software security is never a "done" job, especially the larger your codebase becomes. You constantly have to be on your toes.
 

Mr Majestyk

Posts: 928   +821
That's why when I install a major update or new version of an OS, I install it to a separate drive. You're always a beta tester with new software in an age when games "launch" with day one patches the size of the game.

I never buy new games, also hard to install iPad OS on a new drive.
 

waclark

Posts: 136   +77
Hearing news like this makes me appreciate my Linux box more and more ......
That's like saying I appreciate my horse and buggy more and more when I hear gas prices are going up. Linux has its place, but as a desktop for the general masses it's lacking.