Ever since iOS 15 landed for iPhone users, many users have been getting the issue related to cve-2021-30883. But later, Apple looked into it and explained that cve-2021-30883 is an anonymous researcher.
The company also said that CVE-2021-30883 is a memory corruption issue in IOMobileFrameBuffer, a kernel extension for managing the screen framebuffer. The vulnerability may be exploited by an application to execute arbitrary code with kernel privileges, Apple explained.
There is no detail revealed yet from Apple side about the flaw or the attack, but the researcher who discovered it remains unnamed. The security researcher Saar Amar analyzed the Apple Patch and came up with the flaw is “a classic integer overflow.”
According to Amar, IOMobileFrameBuffer is an application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. It is also a serious attack on users and accessible from the app sandbox, making it a good candidate for LPEs exploits in chains.
He also added that the works are on iOS 15.0 and iOS 14.7.1. According to him, it can also work on older iOS systems. He said, “Unlike the previous in-the-wild vulnerability in IOMFB/AppleCLCD, no special entitlements are required. You can just create an iOS app with my POC, run it on the device and trigger the bug,”
We have not received a full exploit from him yet.
Thankfully, Apple’s new iOS 15.0.2 is specially developed to fix this security issue with the memory corruption issue was addressed with improved memory handling.
If you are still wondering whether you should update to iOS 15.0.2, then you should know that you must download and install iOS 15.0.2 on your iPhone to fix the security flaws.
To update your iPhone to iOS 15.0.2, go to Settings > General > Software Update > Download and install iOS 15.0.2. But make sure that you have more than 50% battery life and are connected to stronger and stable Wi-Fi.