It’s been a zero-day few weeks for Apple, or perhaps an “in-the-wild” few weeks, with several actively exploited bugs necessitating emergency updates.
We should perhaps say “unexpected updates”, but all (or almost all) Apple security patches are, of course, unexpected by design.
Apple deliberately only announces security fixes after they have been published, so you could not schedule them even if you wanted to.
Apple claims that this is for “customer protection”, because it stops crooks who may have heard rumours of a security hole, but have not yet figured it out for themselves, from learning where to start looking for it.
On the other hand, it also means that you will hardly ever hear about official workarounds or mitigations from Apple, even though such advice could keep you safe during the gap between a zero-day appearing and a patch being created, tested and released.
Keep in mind that zero-day vulnerabilities are bugs that cybercriminals know how to exploit before a patch is available, with the result that even a well-informed user or sysadmin has had zero days to get officially ahead of the Bad Guys.
Kernel memory corruption
Apple’s terse-as-ever prose [2021-10-11T23:55Z] simply says:
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2021-30883: an anonymous researcher
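Apple advisories always follow the same Impact / Description / CVE pattern, so a small parser lets you pull the fields apart and flag the two phrases that matter most for triage: “actively exploited” (a zero-day) and “kernel privileges”. The following is an added example written for this article, not code from Apple or from the original post; the only input is the advisory text quoted above, reproduced as a constructed sample on a single run-together line, and the triage labels are our own assumption about how a patching team might rank such entries.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input: the advisory entry quoted in the article, on one
# line as it appears on the page, so the parser must cope with run-together fields.
SAMPLE_ADVISORY = (
    "Impact: An application may be able to execute arbitrary code with kernel "
    "privileges. Apple is aware of a report that this issue may have been actively "
    "exploited. Description: A memory corruption issue was addressed with improved "
    "memory handling. CVE-2021-30883: an anonymous researcher"
)


@dataclass
class AdvisoryEntry:
    impact: str
    description: str
    cve_ids: List[str] = field(default_factory=list)
    credit: str = ""

    @property
    def in_the_wild(self) -> bool:
        # Apple's standard wording when a bug is already being exploited
        return "actively exploited" in self.impact.lower()

    @property
    def kernel_privileges(self) -> bool:
        # Code execution in the kernel bypasses the per-app isolation entirely
        return "kernel privileges" in self.impact.lower()


# One entry: Impact ... Description ... one or more CVE ids, colon, credit line.
_FIELD_RE = re.compile(
    r"Impact:\s*(?P<impact>.*?)\s*"
    r"Description:\s*(?P<description>.*?)\s*"
    r"(?P<cves>CVE-\d{4}-\d{4,}(?:\s*,\s*CVE-\d{4}-\d{4,})*)\s*:\s*(?P<credit>.*)$",
    re.S,
)


def parse_advisory(text: str) -> AdvisoryEntry:
    """Split a single Apple advisory entry into its fields."""
    m = _FIELD_RE.search(text.strip())
    if not m:
        raise ValueError("text does not look like an Apple advisory entry")
    cves = re.findall(r"CVE-\d{4}-\d{4,}", m.group("cves"))
    return AdvisoryEntry(
        impact=m.group("impact").strip(),
        description=m.group("description").strip(),
        cve_ids=cves,
        credit=m.group("credit").strip(),
    )


def triage(entry: AdvisoryEntry) -> str:
    """Assumed ranking: an in-the-wild kernel bug goes to the top of the queue."""
    if entry.in_the_wild and entry.kernel_privileges:
        return "critical: kernel zero-day, patch immediately"
    if entry.in_the_wild:
        return "high: actively exploited, patch today"
    if entry.kernel_privileges:
        return "high: kernel bug, patch in this cycle"
    return "normal: schedule with routine updates"


if __name__ == "__main__":
    entry = parse_advisory(SAMPLE_ADVISORY)
    print(entry.cve_ids, entry.in_the_wild, entry.kernel_privileges)
    print(triage(entry))
```

The regex is deliberately lazy between the labels, so it works whether the fields arrive on separate lines (as on Apple’s page) or squashed onto one line (as in a mail client or a scraped copy).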
As we have mentioned before, memory corruption bugs that affect the kernel itself are usually much more serious than bugs that only affect regular apps.
Apps in iOS and iPadOS are isolated from each other to the point that even if you can crash an app and take it over, you can usually not access anything other than the files and saved data that belong to the app.
Each app effectively runs as if it were a separate user with its own account and access control settings, so apps can only interact with, or read, each other’s files in carefully regulated ways.
This is in contrast to typical portable and desktop apps, where your email software can typically read your documents, your document management app can typically read your spreadsheets, your spreadsheets can look at your accounting databases, and so on.
But the app separation on iPhones and iPads is set up and regulated by the kernel, making the kernel itself a kind of “ueberapp” that is a trophy target for any jailbreaker, threat researcher or cybercriminal.
In other words, a code execution hole in the kernel can allow an attacker to trick an otherwise legitimate and harmless app into compromising the very core of the operating system.
Once the kernel is exploited, the side effects can blow iOS’s inter-app protection completely away and allow a single rogue app to sniff out and take control of everything.
What to do?
- Look up the error bulletin on Apple’s security page HT212846. Unfortunately, there is very little to go on, but this page confirms that iOS 15.0.1 and iPadOS 15.0.1 need to be updated to 15.0.2.
- Check and install the update on your device if necessary. Go to Settings > General and select Software update.
In several previous emergency update situations, where Apple has withheld its official email security bulletins, the reason seems to have been that related updates were also needed for other operating systems in Apple’s menagerie, including macOS and older variants of iOS.
As a result, Apple did not say much about anything until all the updates were ready.
Does this mean that iOS 14, iOS 12, macOS Big Sur and macOS Catalina are also vulnerable and will receive patches over time?
As usual, we can’t say, but we advise you to keep an eye on Apple’s main security page, numbered HT201222, in case there is any further news you need to follow over the next few days.
Update. We received an Apple Security Bulletin for iOS 15.0.2 and iPadOS 15.0.2 by email shortly after writing this article. However, the HT201222 Security Update Portal page has not yet been updated [2021-10-12T12:00Z].