Is this vulnerability also present in iOS 14.8?
Is CVE-2021-30883 present in iOS 14.8?
14.8 was released several weeks prior to the discovery of the vulnerability (which no actual use of it has been found) and before 15.0.2 was released.
6 replies
Thanks for the info!
As of 12 Oct 2021, Apple hasn't updated the National Vulnerability Database with affected software versions. And the CVE database also has very little info in it too.
National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2021-30883
CVE database: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30883
Thanks again.
It's still unclear if the vuln is present in 14.8 or it was introduced in 15. There are claims that PoC code works on 14.7.1, but we really need better communcation from Apple here.
My devices said I'm up to date with 14.8, and that 15 is an option. (This morning 10/13) After a typical wild goose chase with an Apple rep (through messaging) only willing to tell me about the wonderful iOS 15 upgrade curing all ills, I ultimately asked "So, since I am not seeing and bugs or issues with 14.8, and since my devices are telling me I'm up to date (w/ 14.8), you are telling me that upgrading to 15 is optional and that my phone is secure as it is now. Right?"
Apple: "Yes, you will keep getting security updates while being on iOS 14 also."
Yet Forbes reported this morning that Apple hasn't discussed the existence of a 14.8 update yet.
14.8 does not currently cover that vulnerability. If you want to plug it update to 15.0.2.
Thanks deggie! Do you have a reference or source stating this? I'm looking to produce a source for my leadership team.
Is this vulnerability also present in iOS 14.8?