December 12, 2023

Apple has released emergency security updates to patch two zero-day vulnerabilities that were actively exploited in attacks targeting iPhone and iPad users.

The first zero-day tracked as CVE-2023-42824 is a kernel vulnerability that allows local attackers to escalate privileges on unpatched devices. With this flaw an attackers could gain full control over a victim’s device, even if the user has not installed any malicious apps.

The second zero-day tracked as CVE-2023-5217 is a vulnerability in the VP8 video codec library that could allow arbitrary code execution. Attackers could execute any code they want on a victim’s device, potentially leading to data theft, malware infection, or even device takeover. The libvpx bug isn’t an Apple-exclusive concern.

Advertisements

Before Apple’s acknowledgment, both Google and Microsoft had already addressed the issue in their respective Chrome and Edge browsers, along with Teams and Skype products. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.

Apple has urged all users to update their devices to the latest versions of iOS and iPadOS as soon as possible. The affected devices include:

  • iPhone XS and later
  • iPad Pro 12.9-inch 2nd generation and later
  • iPad Pro 10.5-inch
  • iPad Pro 11-inch 1st generation and later
  • iPad Air 3rd generation and later
  • iPad 6th generation and later
  • iPad mini 5th generation and later
Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Log4j 2nd Year Anniversary Still a Pain

December 11, 2023

TheCyberThrone Security Week In Review – December 2nd & 10th, 2023

December 10, 2023

5Ghoul Vulnerabilities affects 5G devices

December 10, 2023

Microsoft EDGE Browser Critical Sandbox Escape Vulnerability – CVE-2023-35618

December 9, 2023

WordPress POP CMS Vulnerability

December 9, 2023

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023
%d