Apple released iOS 15.0.2 today fixing a vulnerability that could be used for a future jailbreak of iOS 14 and iOS 15.
The vulnerability, credited to an anonymous researcher, was detailed in the security release notes for iOS 15.0.2.
● Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
● Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
● Description: A memory corruption issue was addressed with improved memory handling.
● CVE-2021-30883: an anonymous researcher
Security researcher Saar Amar has already developed a proof-of-concept exploit, and writes:
In the last iOS security update (15.0.2) Apple fixed a vulnerability in IOMobileFrameBuffer/AppleCLCD, which they specified was exploited in the wild (CVE-2021-30883). This attack surface is highly interesting because it’s accessible from the app sandbox (so it’s great for jailbreaks) and many other processes, making it a good candidate for LPE exploits in chains (WebContent, etc.).