
Apple Releases Security Updates for Zero Day Vulnerabilities in iOS and iPadOS


Summary

The security update addresses two zero day vulnerabilities in iOS and iPadOS.


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Apple has released a security update to address two zero day vulnerabilities in iOS and iPadOS. The first of these vulnerabilities, CVE-2023-42824, impacts the kernel and could allow a local attacker to escalate user privileges. 

The second vulnerability, CVE-2023-5217, is a buffer overflow vulnerability that impacts the Web Real-Time Communication (WebRTC) protocol and could be exploited by an attacker to cause arbitrary code execution.

Exploitation of CVE-2023-42824

Apple has reported that CVE-2023-42824 is being actively exploited against versions of iOS before 16.6.


Threat updates

Date: 13 Oct 2023
Update: Patch releases for iOS 16.7.1 and iPadOS 16.7.1 (older iPhones and iPads)

This cyber alert has been updated to reflect this change.


Remediation advice

Affected organisations are encouraged to review the following Apple security advisory and apply any relevant updates or workarounds.


Remediation steps

Type: Patch
Step: iOS 17.0.3 and iPadOS 17.0.3 | HT213961
https://support.apple.com/en-gb/HT213961

Type: Patch
Step: iOS 16.7.1 and iPadOS 16.7.1 | HT213972
https://support.apple.com/kb/HT213972
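
The check below is an added example, not part of the original alert or of Apple's advisories. It triages a device inventory against the two fixed releases listed above, comparing each device within its own major branch so that a device on 16.7.1 is not flagged merely for being below 17.0.3. The inventory rows, column names and device names are constructed for illustration, and sending branches this alert does not list to manual review is an assumption.

```python
import csv
import io

# Fixed releases named in this alert, keyed by major version branch.
PATCHED = {16: (16, 7, 1), 17: (17, 0, 3)}

# Constructed sample inventory; the column names are assumptions, not a real MDM schema.
SAMPLE_INVENTORY = """device,os,os_version
ipad-frontdesk,iPadOS,16.7.1
iphone-oncall,iOS,17.0.2
iphone-exec,iOS,17.0.3
ipad-ward3,iPadOS,16.6
iphone-legacy,iOS,15.7.9
macbook-lab,macOS,13.6
"""

def parse_version(text):
    """Turn '16.6' into (16, 6, 0); raises ValueError on non-numeric parts."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(os_name, version_text):
    """Return 'patched', 'update-required', 'review' or 'out-of-scope'."""
    if os_name not in ("iOS", "iPadOS"):
        return "out-of-scope"
    try:
        version = parse_version(version_text)
    except ValueError:
        return "review"  # beta or malformed version string
    fixed = PATCHED.get(version[0])
    if fixed is None:
        return "review"  # branch not covered by this alert
    return "patched" if version >= fixed else "update-required"

def triage(csv_text):
    """Group device names by status."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = classify(row["os"], row["os_version"])
        report.setdefault(status, []).append(row["device"])
    return report

if __name__ == "__main__":
    for status, devices in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(devices)}")
```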

Definitive source of threat updates


Last edited: 13 October 2023 12:12 pm