Advisory

Apple releases another patch for iOS 17, fixes several exploited issues

Take action: Once more, patch your iPhone and iPad. Yes, it's tedious. No, we can't really avoid it.



Apple has released emergency security updates in response to a newly identified zero-day vulnerability being exploited in targeted attacks against iPhone and iPad users. The company acknowledged that the flaw may have been exploited against iOS versions before iOS 16.6, emphasizing the need for immediate action.

Apple has addressed this security issue in iOS 17.0.3 and iPadOS 17.0.3 through enhanced checks.

The zero-day vulnerability, tracked as CVE-2023-42824, is a weakness in the XNU kernel that lets local attackers escalate privileges on unpatched iPhones and iPads. The impact is substantial: it affects iPhone XS and later, as well as various iPad models such as iPad Pro, iPad Air, iPad, and iPad mini from the 6th generation onwards.

Furthermore, Apple addressed another zero-day tracked as CVE-2023-5217, resulting from a heap buffer overflow weakness in the VP8 encoding of the open-source libvpx video codec library, potentially allowing arbitrary code execution upon successful exploitation.

This particular libvpx bug had been previously patched by Google and Microsoft in their respective products.
