
Digital Guardian's Blog

iOS 14 Update Fixes Memory Corruption Zero Day

by Chris Brook on Wednesday October 27, 2021


Apple fixed CVE-2021-30883, an iOS zero day, weeks ago in iOS 15. Now a patch has arrived for those still running iOS 14.

While Apple has been pushing updates more often, almost bimonthly, this week's updates resolve some critical vulnerabilities that merit users' attention.

The updates for iOS 14 and iPadOS 14 arrived on Tuesday, but one bug in iOS should be reason enough for users to update as soon as possible.

The issue, CVE-2021-30883, a memory corruption issue in IOMobileFrameBuffer, a kernel extension for managing the screen framebuffer, was being exploited in the wild. Apple warns that through the bug, an application could execute arbitrary code with kernel privileges. According to Apple's advisory, the issue affects nearly every iOS device: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Other bugs fixed include those that could be used to elevate privileges (CVE-2021-30907) and cause arbitrary code execution, some with kernel privileges.

Many of the same bugs, including the IOMobileFrameBuffer one, were also fixed on Monday, a day before, in tvOS.

CVE-2021-30883 had actually been previously fixed in iOS and iPadOS 15 earlier this month. Apple patched it in iOS 15.0.2 and iPadOS 15.0.2 on October 11. This week's patches are for anyone who may still be running iOS 14.

The issue was one of 12 resolved in iOS 14 this week. Users still running it should update to iOS 14.8.1 and iPadOS 14.8.1, the latest iOS 14 version of both operating systems, to remediate the issue.

Users running iOS 15 likely noticed that it received an update this week too. Apple fixed 22 vulnerabilities in iOS 15.1 and iPadOS 15.1 on Monday, though it doesn't say any of them were exploited publicly. tvOS 15.1, watchOS 8.1, macOS Catalina, and macOS Big Sur also received updates on Monday that users should find some time this week to prioritize.

The CVE-2021-30883 bug is the latest in a line of zero day vulnerabilities patched by Apple. Last month's much-publicized zero day, CVE-2021-30860, affected the iPhone, iPad, Mac and Apple Watch. Until it was fixed, the vulnerability, also known as ForcedEntry, had been exploited by NSO Group to spread its Pegasus spyware.

Tags: Apple, Mobile Security


Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.