Apple has released urgent security updates for its iOS and iPadOS devices to patch a critical kernel vulnerability that was being exploited in the wild. The flaw, tracked as CVE-2023-42824, could allow a local attacker to gain elevated privileges on the affected devices. Users are advised to install the latest iOS 17.0.3 and iPadOS 17.0.3 updates as soon as possible.
A Zero-Day Vulnerability in the Kernel
According to Apple’s security advisory, the kernel vulnerability was reported by an anonymous researcher who claimed that it was being actively exploited against versions of iOS before iOS 16.6. The kernel is the core component of the operating system that manages memory, processes, and hardware resources. A flaw in the kernel could compromise the security and stability of the entire system.
Apple did not provide any details about the nature of the attacks or the identity of the threat actors behind them. However, it is likely that the exploitation required an initial foothold on the target device, such as through a malicious app or a phishing link. The attacker could then leverage the kernel flaw to escalate their privileges and execute arbitrary code with kernel-level permissions.
Apple said it addressed the problem with improved checks in the kernel code. The company also credited Google’s Threat Analysis Group for discovering another vulnerability in the WebRTC component, which is used for real-time communication in web browsers. The flaw, identified as CVE-2023-5217, was a heap-based buffer overflow that could lead to memory corruption and remote code execution. Apple fixed this issue by providing additional validation.
A Busy Year for Apple Security
This is not the first time that Apple has had to deal with zero-day vulnerabilities in its software this year. In fact, this is the 17th actively exploited zero-day flaw that Apple has patched since the start of 2023. Some of these flaws were used by commercial spyware vendors such as Cytrox and Candiru to deliver malware to their customers’ targets.
Just two weeks ago, Apple rolled out fixes for three other issues (CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993) that were abused by Cytrox to install the Predator malware on an iPhone belonging to a former Egyptian member of parliament Ahmed Eltantawy. One of these issues was also a kernel vulnerability that allowed local privilege escalation, similar to CVE-2023-42824. It is not clear if these two flaws are related or if CVE-2023-42824 is a patch bypass for CVE-2023-41992.
Apple users who are at risk of being targeted by mercenary spyware should enable Lockdown Mode on their devices to reduce exposure to exploits. Lockdown Mode disables USB accessories when the device has been locked for more than an hour, preventing attackers from using tools like GrayKey or Cellebrite to access data or inject malicious code.
How to Update Your Device
To update your iPhone or iPad to the latest version of iOS or iPadOS, follow these steps:
- Go to Settings > General > Software Update.
- Tap Download and Install.
- Enter your passcode if prompted.
- Tap Agree to the Terms and Conditions.
- Wait for the update to download and install.
- Restart your device when prompted.
You can also update your device using iTunes or Finder on your computer. Connect your device to your computer with a USB cable and follow the on-screen instructions.
Apple also released security updates for its other products, including macOS, watchOS, tvOS, Safari, and Xcode. You can find more information about these updates on Apple’s security updates page.