Apple has discovered a Zero-day vulnerability affecting iOS and iPadOS versions earlier than 17.0.3, which could allow threat actors to elevate their privileges. The CVE for this vulnerability has been given as CVE-2023-42824, and the severity of this vulnerability is currently being analyzed.
It was also mentioned that iOS 16.6 versions are actively being targeted with this vulnerability by threat actors for exploitation.
Apple has addressed this new Zero-day along with CVE-2023-5217 that affected libvpx, a Heap buffer overflow in vp8 encoding. Moreover, several Chromium-based browsers have used this particular vulnerability, including Microsoft Edge, Google Chrome, and Mozilla Firefox.
All the affected vendors have published their security advisories for addressing this vulnerability. This vulnerability has a severity of 8.8 (High) given by the National Vulnerability Database (NVD).
Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware
Apple states that threat actors exploit this vulnerability to elevate their privileges. There has been no evidence of a publicly available exploit for this vulnerability.
Products affected by this vulnerability include iPhone XS and, later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
In order to fix this vulnerability, users are recommended to upgrade to iOS 17.0.3 to prevent this vulnerability from getting exploited.
CVE-2023-5217 – Heap Buffer Overflow in libvpx
This is a Heap buffer overflow vulnerability that can lead to arbitrary code execution on affected products. This particular vulnerability has affected several Chromium-based browsers, and patches are being issued.
In order to fix this vulnerability, users are recommended to upgrade to the following versions of the browsers.
- Google Chrome – 117.0.5938.132
- Mozilla Firefox 118.0.1
- Microsoft-Edge 116.0.1938.98
According to Apple, this vulnerability affects the iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
Apple has recommended its iOS and iPadOS users upgrade to version 17.0.3 in order to fix these vulnerabilities.
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.