Apple released iOS 15.0.2 today fixing a vulnerability that could be used for a future jailbreak of iOS 14 and iOS 15.
The vulnerability, credited to an anonymous researcher, was detailed in the security release notes for iOS 15.0.2.
---
IOMobileFrameBuffer
● Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
● Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
● Description: A memory corruption issue was addressed with improved memory handling.
● CVE-2021-30883: an anonymous researcher
---
Security researcher Saar Amar has already developed a proof-of-concept exploit.
In the last iOS security update (15.0.2) Apple fixed a vulnerability in IOMobileFrameBuffer/AppleCLCD, which they specified was exploited in the wild (CVE-2021-30883). This attack surface is highly interesting because it’s accessible from the app sandbox (so it’s great for jailbreaks) and many other processes, making it a good candidate for LPE exploits in chains (WebContent, etc.).