Apple Releases Security Updates for Zero Day Vulnerabilities in iOS and iPadOS
Summary
The security update addresses two zero day vulnerabilities in iOS and iPadOS
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Apple has released a security update to address two zero day vulnerabilities in iOS and iPadOS. The first of these vulnerabilities, CVE-2023-42824, impacts the kernel and could allow a local attacker to escalate user privileges.
The second vulnerability, CVE-2023-5217, is a buffer overflow vulnerability that impacts the Web Real-Time Communication (WebRTC) protocol and could be exploited by an attacker to cause arbitrary code execution.
Exploitation of CVE-2023-42824
Apple has reported that CVE-2023-42824 is being actively exploited against versions of iOS before 16.6.
Threat updates
Date | Update |
---|---|
13 Oct 2023 | Patch releases for iOS 16.7.1 and iPadOS 16.7.1 (older iPhones and iPads). This cyber alert has been updated to reflect this change. |
Remediation advice
Affected organisations are encouraged to review the following Apple security advisory and apply any relevant updates or workarounds.
Remediation steps
Type | Step |
---|---|
Patch | iOS 17.0.3 and iPadOS 17.0.3: HT213961 https://support.apple.com/en-gb/HT213961 |
Patch | iOS 16.7.1 and iPadOS 16.7.1: HT213972 https://support.apple.com/kb/HT213972 |
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 13 October 2023 12:12 pm