5th October 2023
Yesterday, Apple released emergency operating system updates to patch two new zero-day vulnerabilities which are being exploited in attacks on iPhone and iPad users.
CVE-2023-42824 (Severity: unrated) is a kernel vulnerability which enables local attackers to escalate privileges on unpatched iPhones and iPads.
CVE-2023-5217 (Severity: High) is a libvpx VP8 encoding buffer overflow vulnerability which enables arbitrary code execution on unpatched iPhones and iPads.
iOS 17.0.3 and iPadOS 17.0.3 system updates patch these vulnerabilities.
All versions prior to iOS/iPadOS 17.0.3 on the following devices are affected:
iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.