iOS Zero-Day 2023: Apple’s Swift Response with Security Patch Arrangement

On Wednesday, Apple released crucial security patches to address a recently discovered zero-day vulnerability in iOS and iPadOS that has been actively exploited.

The vulnerability is tracked as CVE-2023-42824. It is a kernel flaw that could allow a local attacker to escalate their privileges. Apple addressed the issue with improved checks.

In a brief advisory, Apple acknowledged the issue. Furthermore, it mentioned, “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.”

Specific details about the attacks and the actors behind them remain unknown. However, successful exploitation likely requires the attacker to have already gained initial access through other means.

In this latest update, Apple also tackled another vulnerability, CVE-2023-5217, which affects the WebRTC component. Google had previously identified it as a heap-based buffer overflow in the VP8 encoding code of libvpx.

iOS Zero-Day Vulnerability:

The updates, iOS 17.0.3 and iPadOS 17.0.3, are now available for various Apple devices, including the iPhone XS and later models as well as specific iPad generations.

With this latest action, Apple has addressed a total of 17 actively exploited zero-days in its software since the beginning of the year.

This comes just a fortnight after Cupertino addressed three other issues: CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993. All three were reportedly exploited by an Israeli spyware vendor called Cytrox to deliver the Predator malware to an iPhone belonging to the former Egyptian member of parliament Ahmed Eltantawy.

Notably, CVE-2023-41992 is also a kernel vulnerability that allows local attackers to escalate their privileges.

It remains unclear whether these two flaws are related, or whether the new iOS zero-day acts as a patch bypass for CVE-2023-41992.

In a recent analysis, Sekoia noted infrastructure similarities between Cytrox (aka Lycantrox) and another spyware company, Candiru (aka Karkadann), which possibly indicates that they use similar spyware technologies.

According to the French cybersecurity firm, “The infrastructure that Lycantrox uses consists of VPS hosted in several autonomous systems”. It appears to manage separate VPS instances, and the domain names associated with them, for each customer.

Users at risk of potential targeting should activate Lockdown Mode to minimize exposure to spyware exploits.


Aliha Zulfiqar
With a major in English Language and Literature, I'm a dedicated SEO Content Writer. Also, I love to write about technology. With over 2 years of experience, I've had the privilege of contributing to various renowned platforms. As I look forward to the future, I am committed to refining my work and delivering content that stands out.
