Apple has released iOS 15.0.2, the second official release since the launch of iOS 15 last month, after the bug-fix release iOS 15.0.1 that quickly followed.
iOS 15.0.2 fixes a security vulnerability that attackers may already be using to attack iPhones: an issue with the IOMobileFrameBuffer that could allow an application to execute code with kernel privileges. The vulnerability, labelled CVE-2021-30883, is serious, and Apple says it is “aware of a report that this issue may have been actively exploited.”
Tracked as CVE-2021-30883, the zero-day resides in IOMobileFramebuffer, a kernel extension that allows developers to control how a device’s memory handles the screen display—the screen framebuffer, to be more exact.
According to Apple, a malicious application may be able to execute arbitrary code with kernel privileges using this vulnerability. Gaining access to kernel privileges gives attackers full control over the iOS device.
Technical details about the vulnerability, or details about the attacks where the vulnerability has been used, are not available at the time of writing, as Apple usually likes to keep this information secret in order to prevent other threat actors from weaponizing the same bug before users have had a chance to patch.
Nonetheless, a security researcher published both a technical explanation and proof-of-concept code to exploit the bug shortly after the patch was released.
Given that the issue fixed in iOS 15.0.2 is being exploited by attackers, you should update your iPhone as soon as possible.
Apple’s iOS 15.0.2 also fixes a problem that could cause the iPhone leather wallet with MagSafe not to connect with Find My, as well as a bug that caused AirTags not to appear in the Find My Items tab.
Another issue fixed in iOS 15.0.2 could see CarPlay fail to open audio apps and disconnect during playback.
iOS 15.0.2 is now available to download on compatible iPhones, with iPadOS 15 for suitable iPads. Compatibility for the phones reaches back as far as iPhone 6s, including iPhone SE first and current editions, plus the seventh-generation iPod touch.
The complete list is: iPhone 13, iPhone 13 mini, iPhone 13 Pro, iPhone 13 Pro Max, iPhone 12, iPhone 12 mini, iPhone 12 Pro, iPhone 12 Pro Max, iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, iPhone XS, iPhone XS Max, iPhone XR, iPhone X, iPhone 8, iPhone 8 Plus, iPhone 7, iPhone 7 Plus, iPhone 6s, iPhone 6s Plus, iPhone SE (second generation), iPhone SE (first generation) and iPod touch (seventh generation).
Along with iOS 15.0.2, Apple released iPadOS 15.0.2 and watchOS 8.0.1.
You can download the update by opening the Settings app and going to General > Software Update.