Apple patches 'actively exploited' iPhone zero-day with iOS 15.0.2 update

If you're using an iPhone, install the iOS 15.0.2 update immediately: Apple has warned that the latest OS upgrade patches an "actively exploited" zero-day. Described as a "memory corruption issue" by Apple, the vuln is present within the IOMobileFrameBuffer kernel extension, used for managing display memory. Malicious …

  1. DS999 Silver badge

    If it is similar to the last one

    Either the previous fix was incomplete or this was the next vulnerability NSO group had ready in case their previous one was found and fixed.

    If Apple was clever they'd pay a few government lackeys somewhere in the world who are in a position to purchase NSO group's services to do so for a few phones in Apple's labs. Provide them with appropriately spoofed GPS info, etc. and simulate normal usage while logging all traffic and waiting for NSO group's next exploit to be put into service. With all the logging to know exactly how the exploit works they could knock them down as quickly as NSO group could put them up until they run out.

    1. big_D Silver badge

      Re: If it is similar to the last one

      The previous vulnerability was in the miserable multimedia library. Even the extra sandboxing they put in place (BlastDoor?) was circumvented by the problem.

      This is a totally separate exploit, directly in the kernel. An app needs to already have access to the device to exploit it, but once on the device, it sounds like it is relatively easy to exploit.

      Most malware, like Pegasus, uses a chain of unknown exploits to gain access, gain control and then achieve permanence.

    2. Tessier-Ashpool

      Re: If it is similar to the last one

      You'd need a juicy target for that approach to be worthwhile.

      My understanding is that Pegasus is highly targeted at specific users.

      1. DS999 Silver badge

        Re: If it is similar to the last one

        Yes but NSO group doesn't decide who to target on their own, they sell exploiting/bugging phones as a service. They do it on behalf of clients, who are (supposedly) various governments around the world.

        So if you can have one of them do something on your behalf (presumably for some sort of payment, like free MacBooks for the branch of government involved), then they have NSO group target the phones in Apple's lab. As far as NSO group was concerned, those phones would belong to suspected spies or dissidents or whatever that the country in question wanted to keep tabs on.

    3. Charlie Clark Silver badge

      Re: If it is similar to the last one

      Why would governments willingly inform Apple of potential exploits?

      1. DS999 Silver badge

        Re: If it is similar to the last one

        Not out of the goodness of their heart, but in exchange for something of value like free computers or good old hard cash, I'm sure Apple could find a government agency somewhere willing to play ball.

  2. HildyJ Silver badge
    Big Brother

    What to do?

    When somebody left the walled garden's gate open?

    On a more serious note, it's too bad Apple can't get info from the NSA who developed many of the tools the NSO uses. Unfortunately, Western intelligence agencies want the tools for themselves. But, of course, they'd never use them for evil.

    1. sanmigueelbeer Silver badge

      Re: What to do?

      Western intelligence agencies want the tools for themselves

      *Cough* EternalBlue *Cough*

  3. Omnipresent

    ...and now we spin the roulette wheel...

    Is it a necessary update? or a data stealing forced hardware buy?

    And will it keep my iCloud pics off the web? Come one, come all...

    Oh yeah, we announced a new Apple event with new hardware at the same time, if you didn't hear. Your guess is as good as mine.

    1. big_D Silver badge

      Re: ...and now we spin the roulette wheel...

      The event announcement came a day after the patch. I'd already patched and been to sleep and spent a day at work, before the Apple event was announced...

    2. idiot taxpayer here again

      Re: ...and now we spin the roulette wheel...

      @Omnipresent

      There is only one way to keep your pics off the internet. Make sure you don't put them ANYwhere that is connected to the internet. And if you really must do so, encrypt the things first.

  4. edris90

    Assume everything is always insecure, merely obscured, and strategize your life choices from that. Saves a lot of trouble before it starts. Amazing what being honest with yourself will do for not screwing yourself.

    And then you can jailbreak your iPhone without worry.

  5. Mark 65 Silver badge

    Question

    My question is, even though the Pegasus malware infects a device via no-click route XYZ etc., does it or can it persist between firmware updates? That to me is a far greater issue. If it can, how can it or any other sort of malware/ransomware be eradicated from a device?

    It would seem that with all the different data stores available (files, app data, cloud data, etc.) it may be quite doable for something to be once in, always in.

    1. big_D Silver badge

      Re: Question

      Depending on how it does invade the machine, I believe that at the current time it doesn't survive a reboot and needs to re-infect, but it is possible to use other tricks to gain permanence.

      Ask yourself, do you have to re-install all your apps after you have updated firmware? ;-)

  6. Simon Brady

    What about iOS 14?

    If you're using an iPhone, install the iOS 15.0.2 update immediately

    Apple haven't released a corresponding update for iOS 14.8: does this mean it's not affected, or are we looking at a mandatory upgrade to 15 to get the fix? You'd think there would be an authoritative "affected versions" list, but even the CVE reference leads nowhere.

    1. Korev Silver badge
      Thumb Up

      Re: What about iOS 14?

      I was wondering the same thing
