If you have an iPhone or an iPad, you’d better update those suckers right now. Apple has just announced a newly discovered zero-day vulnerability affecting droves of the company’s phones and tablets, one that may be seeing “active exploitation” by hackers.
The patch comes with the company’s most recent updates to its phone and tablet lines, iOS 15.0.2 and iPadOS 15.0.2. An emergency security announcement put out Monday says the vulnerability affects the following devices: “iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).”
The nasty bug is inside the devices’ IOMobileFrameBuffer, and the company has shared that, if exploited properly, hackers could use it to execute arbitrary code with kernel privileges on target devices, meaning they would basically be able to hijack your phone or tablet and do whatever they want with it. This might include injecting malware or stealing your data, none of which is particularly fun stuff.
Apple says the zero-day was discovered by an “anonymous researcher” but hasn’t otherwise provided a whole lot of details about who might be targeting it or how it was discovered. They have given it the designation CVE-2021-30883.
While it’s not totally clear that this security flaw is seeing a lot of active exploitation, it’s also not clear that it isn’t—and you shouldn’t wait to find out. Failing to update your devices on a regular basis is the easiest, most unfortunate way to get your data and online security compromised—therefore, go, update, and be secure.
Apple has been patching up a storm this year—The Record notes that today’s update represents the 17th zero-day patch made to Apple’s products this year alone. The previous big patch came in September when the company announced an emergency security update for a vulnerability that had reportedly left 1.65 billion devices vulnerable to infiltration via spyware for months.