Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width Γ— 90

Breaking News

Apple released emergency update to fix zero-day actively exploited

Apple released emergency updates for both iOS and iPadOS to address a zero-day flaw that is actively exploited in the wild. Apple has released iOS 15.0.2 and iPadOS 15.0.2 to address a zero-day flaw, tracked as CVE-2021-30883, that is actively exploited in the wild. The flaw is a critical memory corruption issue that resides in […]

Apple Signal

Apple released emergency updates for both iOS and iPadOS to address a zero-day flaw that is actively exploited in the wild.

Apple has released iOS 15.0.2 and iPadOS 15.0.2 to address a zero-day flaw, tracked as CVE-2021-30883, that is actively exploited in the wild.

The flaw is a critical memory corruption issue that resides in the IOMobileFrameBuffer, an application can trigger the vulnerability to execute commands on vulnerable devices with kernel privileges.

Apple is aware of attacks in the wild exploiting this flaw, but it avoided sharing details about them.

“An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.” reads the advisory published by the IT giant. “A memory corruption issue was addressed with improved memory handling.”

The CVE-2021-30883 vulnerability was reported by an anonymous researcher. Apple updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Researchers from BleepingComputer noticed that shortly after the vulnerability was disclosed, the security researcher Saar Amar published an analysis of the zero-day and proof-of-concept exploit for this flaw.

“The POCs I have shown here work all the same on iOS 14.7.1-15.0.1. It’s probably true for much earlier versions as well, but I checked only on 14.7.1-15.0.1. Please note that over different devices/versions, some of the constants may be different. I specifically wrote the devices/versions I tested on, and it looks consistent, but it may be different on older versions. Just for fun, I checked it also on iPhone 11 Pro Max, iOS 15.0, and it worked the same :)” wrote Amar.

Recently, Apple addressed a long string of zero-day vulnerabilities actively exploited in attacks in the wild:

  • September 2021 – One zero-day vulnerability, tracked as CVE-2021-30860, exploited to deploy the NSO Pegasus spyware.
  • September 2021 – Two zero-day flaws in iOS and macOS (CVE-2021-30860, CVE-2021-30858).
  • July 2021 – CVE-2021-30807 zero day.

The other zero-day issues fixed by Apple this year are:

CVE
CVE-2021-1782
CVE-2021-1870
CVE-2021-1871
CVE-2021-1879
CVE-2021-30657
CVE-2021-30661
CVE-2021-30663
CVE-2021-30665
CVE-2021-30666
CVE-2021-30713
CVE-2021-30761
CVE-2021-30762

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs β€“ hacking, zero-day)

[adrotate banner=”5″]

[adrotate banner=”13″]