Apple Updates iOS Again
Apple has released updates for iOS and iPadOS to address a flaw that is being actively exploited. The critical memory corruption vulnerability in IOMobileFramebuffer is fixed in iOS and iPadOS 15.0.2. The flaw can be exploited to execute commands with kernel privileges. iOS 15.0.2 also includes several bug fixes.
A detailed analysis and a PoC have been published for this vulnerability. You should not delay applying this patch.
This is an emergency update to fix a zero-day (CVE-2021-30883). You’re going to want to push this out to your ADE devices now, and for non-managed devices – you know the drill. The update also includes watchOS 8.0.1, which only includes bug fixes for Apple Watch Series 3 devices; no CVEs are included.
Apple's strategy of releasing updates versus issuing patches reduces the burden on end users. iOS users should consider setting “Automatic Updates” to “on.” Note that the updates often require 50% battery power or connection to external power such that “automatic” may be less than fully so.
William Hugh Murray
Read more in
Bleeping Computer: Emergency Apple iOS 15.0.2 update fixes zero-day used in attacks