Apple issued an urgent warning to all iPhone users to download their iOS 15.0.2 update immediately. According to their support page, the update fixes a security vulnerability that attackers might have used to attack devices.
Unfortunately, Apple did not elaborate on the details of the security vulnerability.
Just 10 days ago, Apple released its iOS 15.0.1 update. According to The Verge, the update was a simple fix on issues like FaceID and face mask recognition. It also included test features for SharePlay, COVID-19 vaccination card in Apple Wallet and camera improvements.
To emphasize, Apple never mentioned security threats in its iOS 15.0.1 update, so the severity on iOS 15.0.2 comes as a surprise.
iPhone Security Alert: Download the iPhone iOS 15.0.2 Update
Sources from Forbes explained the security vulnerabilities and fixes available with iOS 15.0.2.
Unfortunately, Apple typically withholds details of security issues, so not much is known about the topic. Experts have no idea how widespread this security vulnerability is, whether it targets a specific demographic of people or if any attacks have already taken place.
Apple could possibly release more details on the vulnerability after people have safely updated their iPhone to prevent other malicious actors from exploiting the security breach.
For now, Apple admitted the security issue existing on iOS 15. According to its support page, iOS 15.0.2 would fix the problem IOMobileFrameBuffer, which is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later and iPod touch (7th generation).
iPhone Security Vulnerability: IOMobileFrameBuffer or CVE-2021-30883
IOMobileFrameBuffer, labeled as CVE-2021-30883, is "an application (that) may be able to execute arbitrary code with kernel privileges," per Apple support page. Apple admitted the issue might have already been exploited, leading to iPhone memory corruption problems.
Sean Wright, the SME security lead at Immersive Labs, said, "an attacker would still need to get their victim to install and run a specially crafted application-which would most likely require a very targeted attack," per Forbes. If users did not download any suspicious applications in the past, then there should be no need for panic.
However, Wright still warned people to update their iPhones immediately. He referred to the severity of this newly discovered vulnerability as "high, since kernel level access is along the lines of the most severe as you can get."
To download the iOS 15.0.2 security update, open "Settings" on iPhone. Scroll down and open "General" then "Software Update." The latest patch information should have the "iOS 15.0.2" on its description.
Typically, users who activated "Download Updates Automatically" will have their iPhones updated to the latest iOS. Still, it is better to play safe by following the steps provided above and checking if a security update is still queued on your iPhone.
Downloading this security fix should also improve memory handling on the device.
Related Article: iPhone 13 Camera Power Is So Great: Ophthalmologist Using Pro Max for Eye Treatment, Ditches $15,000 Device