According to The Hacker News, the patched bug, tracked as CVE-2023-42824, is a kernel vulnerability that could allow a local attacker to escalate privileges. Apple said it received reports of this issue on versions prior to iOS 16.6 and addressed it by improving its checks.
As usual, details about the nature of the attacks and the identities of the threat actors responsible have not been released. Apple's new update also addresses a bug, CVE-2023-5217, affecting the WebRTC component, which Google previously described as a buffer overflow in the libvpx library.
With the iOS 17.0.3 and iPadOS 17.0.3 patches, Apple not only fixes the unusual overheating issue on the newly released iPhone 15 series, but also addresses a total of 17 zero-day vulnerabilities that have been actively exploited on affected devices since the beginning of the year.
Two weeks ago, the Cupertino-based giant released iOS and iPadOS 17.0.2, which patched three security flaws (CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993) that security experts have confirmed are actively exploited. These zero-day flaws were used by Cytrox, an Israeli spyware company, to spread Predator malware to the iPhone of a former Egyptian parliament official earlier this year.
Users at risk of being targeted can use Lockdown Mode, which Apple has built into iOS 16, to reduce the risk of being exploited by spyware.