Apple iOS Critical Risk
On October 11th Apple released a critical update to its iOS and iPadOS devices, version 15.0.2. This update is critical, as it includes a patch that covers vulnerability CVE-2021-30883.
Here is the notice from Apple:
IOMobileFrameBuffer
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2021-30883: an anonymous researcher
What Does Apple Vulnerability Mean for SMBs and MSPs?
If you’ve upgraded to the latest iOS version 15 on your devices, you should update your Apple devices as soon as possible to avoid the risk of “Remote Code Execution” which translates to hackers can easily break into your device and steal your data.
In the advisory sent out by Apple, they said, “this issue may have been actively exploited“, which you can translate as “this is a zero-day bug that hackers already know how to exploit“.
Zero-days, are working attacks that the hackers have found first, so even the best-informed IT professionals in the world have had zero days during which they could have patched ahead of the crooks attacking. In other words, patch right now.
What Should I Do?
Even if you’ve enabled automatic updates, check whether you have received the update yet. If you check and you already have 15.0.2, you are safe for now; if you don’t have 15.0.2 then your phone will offer to get it for you right away – do it!
The area to go to is Settings > General > Software Update.