Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day

/in






Hi, what are you looking for?
Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.
By
Flipboard
Reddit
Whatsapp
Whatsapp
Email
Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.
The Cupertino device maker on Wednesday rushed out a new patch to cover a pair of serious vulnerabilities and warned that one of the issues has already been exploited as zero-day in the wild.
In a barebones advisory, Apple said the exploited CVE-2023-42824 kernel vulnerability allows a local attacker to elevate privileges, suggesting it was used in an exploit chain in observed attacks.
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6,” the company said without providing additional details.
This is the 16th documented in-the-wild zero-day against Apple’s iOS, iPadOS and macOS-powered devices, according to data tracked by SecurityWeek. The majority of these attacks have been attributed to mercenary spyware vendors selling surveillance products.
The newest iOS 17.0.3 and iPadOS 17.0.3 updates also cover a buffer overflow vulnerability in WebRTC that exposes mobile devices to arbitrary code execution attacks. The issue was addressed by updating to libvpx 1.13.1, Apple said. 
Apple is encouraging oft-targeted users to enable Lockdown Mode to reduce exposure to mercenary spyware exploits.
Related: Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day

Advertisement. Scroll to continue reading.

Related: Qualcomm Patches 3 Zero-Days Reported by Google
Related: Can ‘Lockdown Mode’ Solve Apple’s Mercenary Spyware Problem?
Related: Apple Patches Actively Exploited iOS, macOS Zero-Days
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs,…

Source…