NA

CVE-2021-30883

Published: 24/08/2021 Updated: 24/08/2021

Vulnerability Summary

About the security content of iOS 15.0.2 and iPadOS 15.0.2: A memory corruption issue was addressed with improved memory handling in IOMobileFrameBuffer. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Affected devices: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-10-11-1 iOS 1502 and iPadOS 1502 iOS 1502 and iPadOS 1502 addresses the following issues Information about the security content is also available at supportapplecom/HT212846 IOMobileFrameBuffer Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 a ...

Github Repositories

Bindiff and POC for the IOMFB vulnerability, iOS 1502 A short blogpost about CVE-2021-30883, patched in iOS 1502 Blogpost is here

Bindiff and POC for the IOMFB vulnerability, iOS 1502 A short blogpost about CVE-2021-30883, patched in iOS 1502 Blogpost is here

Bindiff and POC for the IOMFB vulnerability, iOS 1502 A short blogpost about CVE-2021-30883, patched in iOS 1502 Blogpost is here

Recent Articles

Apple patches 'actively exploited' iPhone zero-day with iOS 15.0.2 update
The Register • Gareth Corfield • 12 Oct 2021

Get our weekly newsletter Tech breakdown and proof-of-concept code is already out there

If you're using an iPhone, install the iOS 15.0.2 update immediately: Apple has warned that the latest OS upgrade patches an "actively exploited" zero-day.
Described as a "memory corruption issue" by Apple, the vuln is present within the IOMobileFrameBuffer kernel extension, used for managing display memory. Malicious applications are said to be capable of triggering an integer overflow in the framebuffer, permitting execution of arbitrary code with kernel privileges.
The bug, public...

Microsoft Patch Tuesday bug harvest festival comes to town
The Register • Thomas Claburn in San Francisco • 12 Oct 2021

Get our weekly newsletter With 71 new CVEs, there are patches enough for everyone

Microsoft's October Patch Tuesday has arrived with fixes for 71 new CVEs, two patch revisions to address bugs from previous months that just won't die, and three CVEs tied to OpenSSL flaws. That's in addition to eight Edge-Chromium CVEs dealt with earlier this month.
Two of the fresh bugs are rated Critical, 68 are designated Important, and one is rated Low severity.
Four among the overall October harvest have been publicly disclosed, including one from July, an Azure AD security fea...

Apple silently fixes iOS zero-day, asks bug reporter to keep quiet
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

Apple has silently fixed a 'gamed' zero-day vulnerability with the release of iOS 15.0.2, on Monday, a security flaw that could let attackers gain access to sensitive user information.
The company addressed the bug
 for the discovery even though he reported the flaw seven months before iOS 15.0.2 was released.
In July, Apple also silently patched an 'analyticsd' zero-day flaw with the release of 14.7 without crediting Tokarev in the security advisory, instead promising to a...

Emergency Apple iOS 15.0.2 update fixes zero-day used in attacks
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability that is actively exploited in the wild in attacks targeting Phones and iPads.
This vulnerability, tracked as CVE-2021-30883, is a critical memory corruption bug allowing an application to execute commands on vulnerable devices with kernel privileges.
As kernel privileges allow the application to execute any command on the device, threat actors could potentially use it to steal data or install further malw...