Apple’s Emergency Update Addresses Zero-Day Exploit Targeting iPhones and iPads

Apple has recently rolled out emergency security updates to address a new zero-day vulnerability that was being exploited to target iPhone and iPad users. This comes in the wake of reports suggesting that the flaw might have been actively exploited in versions of iOS prior to iOS 16.6.

Key Highlights:

  • The zero-day, labeled as CVE-2023-42824, stems from a vulnerability in the XNU kernel.
  • This flaw allows local attackers to escalate privileges on unpatched iPhones and iPads.
  • Apple has addressed this issue in iOS 17.03 and iPadOS 17.03.
  • The list of affected devices includes iPhone XS and later, various iPad Pro models, iPad Air 3rd generation and later, and iPad mini 5th generation and later.
  • Another zero-day, CVE-2023-5217, related to the open-source libvpx video codec library, was also addressed.
  • This year, Apple has fixed a total of 17 zero-day vulnerabilities that were exploited in attacks.

Details on the Zero-Day Exploit:

The zero-day vulnerability, CVE-2023-42824, was identified as a weakness in the XNU kernel. This vulnerability allows local attackers to escalate their privileges on devices that haven’t been patched. Although Apple has taken measures to address this issue in its recent updates, the company has not disclosed the entity that reported this flaw.

Furthermore, Apple has also addressed another zero-day, CVE-2023-5217, which was caused by a heap buffer overflow in the VP8 encoding of the open-source libvpx video codec library. This could potentially allow attackers to execute arbitrary code. Notably, this particular bug had previously been patched by other tech giants like Google and Microsoft in their respective products.

A Year of Zero-Days:

It’s worth noting that CVE-2023-42824 is the 17th zero-day vulnerability that Apple has addressed since the beginning of the year. The company has been proactive in patching these vulnerabilities, some of which were reported by renowned entities like Citizen Lab and Google’s Threat Analysis Group (TAG). These vulnerabilities were exploited in various attacks, including those that aimed to install spyware on devices.

Summary:

Apple’s commitment to user security is evident in its swift response to emerging threats. The recent emergency update is a testament to this, as the company moved quickly to patch a new zero-day vulnerability that was being exploited to target iPhone and iPad users. With a total of 17 zero-day vulnerabilities addressed this year, Apple continues to prioritize the safety and security of its user base. Users are advised to keep their devices updated to the latest software versions to ensure maximum protection against potential threats.

About the author

Joshua Bartholomew

He is the youngest member of the PC-Tablet.com team, with over 3 years of experience in tech blogging and coding. A tech geek with a degree in Computer Science, Joshua is passionate about Linux, open source, gaming, and hardware hacking. His hands-on approach and love for experimentation have made him a versatile contributor. Joshua’s casual and adventurous outlook on life drives his creativity in tech, making him an asset to the team. His enthusiasm for technology and his belief that the world is an awesome place to explore infuse his work with energy and innovation.
