
Apple releases security patches for actively exploited iOS zero-day flaw

October 5, 2023 | Newsroom | Zero-Day / Vulnerability

Apple on Wednesday released security patches to address a new zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild.

Tracked as CVE-2023-42824, the kernel vulnerability could be exploited by a local attacker to elevate their privileges. The iPhone maker said it addressed the issue with improved checks.

“Apple is aware of a report indicating that this issue may have been actively exploited in iOS versions prior to iOS 16.6,” the company noted in a brief advisory.

While details about the nature of the attacks and the identity of the threat actors behind them are currently unknown, successful exploitation likely depends on the attacker having already gained an initial foothold on the device through some other means.

Apple’s latest update also resolves CVE-2023-5217 impacting the WebRTC component, which Google described last week as a heap-based buffer overflow in the VP8 compression format in libvpx.


The patches, iOS 17.0.3 and iPadOS 17.0.3, are available for the following devices:

  • iPhone XS and later
  • iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

With this new development, Apple has addressed a total of 17 actively exploited zero-days in its software since the start of the year.

It also comes two weeks after Cupertino shipped fixes for three issues (CVE-2023-41991, CVE-2023-41992 and CVE-2023-41993) that are said to have been abused by an Israeli spyware vendor called Cytrox to deliver the Predator malware to the iPhone of former Egyptian member of parliament Ahmed Eltantawy earlier this year.

A point worth noting here is that CVE-2023-41992 is also a kernel flaw that allows a local attacker to achieve privilege escalation.

It is not immediately clear whether the two flaws are related, and whether CVE-2023-42824 is a bypass of the patch for CVE-2023-41992.


Sekoia, in a recent analysis, said it found infrastructure similarities between customers of Cytrox (also known as Lycantrox) and those of another commercial spyware company called Candiru (also known as Karkadann), likely because the same customers use both spyware products.

“The infrastructure used by Lycantrox consists of VPS hosted on several autonomous systems,” the French cybersecurity firm said, adding that each customer appears to run its own VPS instances and manage its own related domain names.

Users who are at risk of being targeted are advised to enable Lockdown Mode to reduce their exposure to mercenary spyware exploits.
