Apple’s Emergency Fix: Zero-Day Exploit Puts iPhone and iPad Security at Risk

by | Oct 5, 2023 | News

Apple's Emergency Fix: Zero-Day Exploit Puts iPhone and iPad Security at Risk

Post Views: 395

Premium Content

Patreon
Subscribe to Patreon to watch this episode.
Reading Time: 3 Minutes

Apple Rushes to Patch Zero-Day Threat Targeting iPhones and iPads

In a swift response to a newfound zero-day security vulnerability, Apple has released emergency security updates, signaling a race against time to protect iPhone and iPad users from potential cyber threats. The exploit (CVE-2023-42824) in question, discovered in the XNU kernel, poses a risk of local attackers escalating privileges on unpatched iOS devices.

Apple, in its official advisory, acknowledged the severity of the issue, stating, “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.” The company has taken decisive action by addressing the security concern in the latest updates, iOS 17.0.3 and iPadOS 17.0.3, reinforcing checks and defenses.

The scope of this vulnerability encompasses a wide range of Apple devices, including the iPhone XS and subsequent models, as well as various iPad iterations, such as the iPad Pro 12.9-inch 2nd generation and beyond, iPad Pro 10.5-inch, and more.

See Also: So you want to be a hacker?
Offensive Security, Bug Bounty Courses

Additionally, Apple has tackled another zero-day concern, denoted as CVE-2023-5217. This issue stems from a heap buffer overflow weakness found in the VP8 encoding of the open-source libvpx video codec library. Successful exploitation could potentially allow arbitrary code execution. Notably, Google had previously addressed this libvpx bug in its Chrome web browser, while Microsoft applied patches in its Edge, Teams, and Skype products.

Remarkably, CVE-2023-5217 was pinpointed by Clément Lecigne, a security researcher affiliated with Google’s Threat Analysis Group (TAG). TAG is renowned for its consistent identification of zero-days employed in government-backed targeted spyware assaults, typically targeting high-risk individuals.

This latest security concern, CVE-2023-42824, marks the 17th zero-day vulnerability that Apple has confronted and resolved since the commencement of the year. Among these, several were reported by prominent security researchers, including Citizen Lab and Google TAG, and were leveraged in espionage attempts.

Trending: Maximizing IDOR Detection with Burp Suite’s Autorize

Trending: Recon Tool: Mantra

The gravity of these vulnerabilities necessitated immediate attention, as they were exploited to facilitate the installation of sophisticated spyware, such as Cytrox’s Predator and NSO Group’s Pegasus, on iOS devices.

In the ongoing effort to safeguard Apple users, the company continues to demonstrate its commitment to patching vulnerabilities and enhancing the security of its ecosystem. As iOS 17.0.3 debuts, it not only addresses critical security issues but also resolves an overheating problem reported on iPhones running iOS 17.0.2 and earlier versions. Apple users are strongly advised to promptly apply these crucial updates to bolster their device’s security and overall performance.

Trending: Hackers Employ ZeroFont Trick in Phishing Emails to Bypass Security Checks

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]

Source: bleepingcomputer.com

Source Link

Merch

Recent News

EXPLORE OUR STORE

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!

Information Security Solutions

Find out how Pentesting Services can help you.

Join our Community

Share This