Title: Apple Addresses Zero-Day Flaw in iOS and iPadOS with Security Patches
Apple has rolled out security patches for a new zero-day flaw in iOS and iPadOS. The vulnerability, tracked as CVE-2023-42824, has been actively exploited in the wild; Apple addressed it with improved security checks to protect its users from ongoing attacks.
The Zero-Day Flaw and Its Impact
The zero-day flaw, CVE-2023-42824, is a kernel vulnerability that could allow a local attacker to elevate their privileges. Apple acknowledged the issue and promptly released security patches to address it, noting that the flaw may have been actively exploited against versions of iOS before iOS 16.6.
While specific details regarding the attacks and the identity of the threat actors remain unknown, successful exploitation of the vulnerability likely requires the attacker to have already gained initial access through other means.
Additional Security Fixes
Apple’s latest update also includes a fix for another vulnerability, CVE-2023-5217, which affects the WebRTC component. This vulnerability, a heap-based buffer overflow in the VP8 compression format in libvpx, was previously reported by Google. With these patches, Apple continues to prioritize the security of its users.
Devices Receiving Updates
The security patches, iOS 17.0.3 and iPadOS 17.0.3, are available for the following devices:
– iPhone XS and later
– iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
Apple’s Proactive Approach to Addressing Zero-Days
The recent security patches mark the 17th actively exploited zero-day flaw addressed by Apple since the beginning of this year. Apple’s commitment to addressing vulnerabilities promptly and ensuring the security of its software is commendable.
Previous Incidents and Potential Connections
This update arrives two weeks after Apple released fixes for three other zero-day vulnerabilities (CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993) that were reportedly exploited by an Israeli spyware vendor named Cytrox. These vulnerabilities were used to deliver the Predator malware onto the iPhone belonging to an Egyptian member of parliament, Ahmed Eltantawy.
Of particular interest is the fact that CVE-2023-41992 is also a kernel flaw that allows local attackers to achieve privilege escalation. It is yet to be determined whether there is any connection between CVE-2023-42824 and CVE-2023-41992, and whether the former serves as a patch bypass for the latter.
Infrastructure Similarities and Recommendations
Recent analysis by Sekoia highlighted infrastructure similarities between customers of Cytrox and another spyware company called Candiru (aka Karkadann), suggesting that these companies may be using similar spyware technologies. As a precaution, Apple users at risk of being targeted are advised to enable Lockdown Mode to minimize their exposure to mercenary spyware exploits.
Apple’s swift response in rolling out security patches to address the zero-day flaw in iOS and iPadOS demonstrates its dedication to user security. With these patches, the company aims to protect its users from potential attacks and maintain the integrity of its software. It is essential for Apple users to stay updated with the latest security measures and promptly install relevant updates to ensure their devices’ safety.