Apple on Monday rushed out a security update for iOS 15.0.2 and iPadOS 15.0.2 to fix a remote code-execution zero-day vulnerability that’s being actively exploited.
Within hours, a security researcher had picked the bug apart and published both proof-of-concept code and an explanation of the vulnerability, meaning that now’s a really good time to update your iOS device.
A week and a half ago, Apple released iOS 15.0.1 to fix a slew of performance glitches, but iOS 15.0.2 is the first security update for the new OS. Monday’s patch addresses a memory-corruption zero day – tracked as CVE-2021-30883 – in IOMobileFrameBuffer, which is a kernel extension that acts as a screen framebuffer, allowing developers to control how the memory in a device uses the screen display.
Shortly after the patch was released, a security researcher named Saar Amar published both a technical explanation and proof-of-concept exploit code.
Monday’s update, iOS 15.0.2, is available for iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch.
The fix comes just weeks after Apple’s September release of iOS 15, replete with its much-ballyhooed new security defenses.