About the security content of iOS 15.0.2 and iPadOS 15.0.2: A memory corruption issue was addressed with improved memory handling in IOMobileFrameBuffer. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Affected devices: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Get our weekly newsletter Tech breakdown and proof-of-concept code is already out there
If you're using an iPhone, install the iOS 15.0.2 update immediately: Apple has warned that the latest OS upgrade patches an "actively exploited" zero-day.
Described as a "memory corruption issue" by Apple, the vuln is present within the IOMobileFrameBuffer kernel extension, used for managing display memory. Malicious applications are said to be capable of triggering an integer overflow in the framebuffer, permitting execution of arbitrary code with kernel privileges.
The bug, public...
Get our weekly newsletter With 71 new CVEs, there are patches enough for everyone
Microsoft's October Patch Tuesday has arrived with fixes for 71 new CVEs, two patch revisions to address bugs from previous months that just won't die, and three CVEs tied to OpenSSL flaws. That's in addition to eight Edge-Chromium CVEs dealt with earlier this month.
Two of the fresh bugs are rated Critical, 68 are designated Important, and one is rated Low severity.
Four among the overall October harvest have been publicly disclosed, including one from July, an Azure AD security fea...
Apple has silently fixed a 'gamed' zero-day vulnerability with the release of iOS 15.0.2, on Monday, a security flaw that could let attackers gain access to sensitive user information.
The company addressed the bug
for the discovery even though he reported the flaw seven months before iOS 15.0.2 was released.
In July, Apple also silently patched an 'analyticsd' zero-day flaw with the release of 14.7 without crediting Tokarev in the security advisory, instead promising to a...
Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability that is actively exploited in the wild in attacks targeting Phones and iPads.
This vulnerability, tracked as CVE-2021-30883, is a critical memory corruption bug allowing an application to execute commands on vulnerable devices with kernel privileges.
As kernel privileges allow the application to execute any command on the device, threat actors could potentially use it to steal data or install further malw...