Tech News

Apple Releases Security Updates for Older iPhone and iPad Devices in Response to Recent Exploits

By Aya Mohammed

Apple has now published security updates for older iPhone and iPad devices to support patches released a week ago addressing two critical vulnerabilities that were exploited in cyberattacks.

The company stated in a security bulletin, ‘Apple is aware of a report that this issue may have been actively exploited in the wild against the release of iOS before version 16.6.’

The first immediate vulnerability, tracked under the identifier CVE-2023-42824, is a privilege escalation security flaw stemming from a weakness in the XNU kernel, which could potentially allow attackers to elevate privileges on unpatched iPhones and iPads.

Apple has now also fixed the issue in iOS 16.7.1 and iPadOS 16.7.1 through improved checks, though the company has not disclosed who discovered and reported the vulnerability.

The other vulnerability, tracked under the identifier CVE-2023-5217, is due to a cache capacity bypass issue in VP8 codec inside the open-source libvpx video encoding library. This issue could potentially allow threat actors to execute arbitrary code upon successful exploitation.

While Apple has not confirmed real-world exploitation, Google patched the vulnerability as a zero-day in its Chrome web browser at the end of last month. Microsoft has also addressed the security issue in its Edge web browser, Teams video conferencing service, and Skype instant messaging service.

The other vulnerability was reported by security engineer Clément Lecigne, who works for Google’s Threat Analysis Group, on Monday.

Google’s Threat Analysis Group discovers and repeatedly reports zero-day vulnerabilities exploited by nation-state-backed threat actors in highly targeted attacks aimed at installing spyware on at-risk individuals’ devices, such as journalists, opposition politicians, and defectors worldwide.

The list of affected devices by the two widespread zero-day vulnerabilities includes the iPhone 8 and later, all iPad Pro models, all iPad Air models starting from the third generation, all fifth-generation and later iPad models, and all iPad Mini models from the fifth generation and later.


Related:

The Author:
Avatar of Aya Mohammed
Aya Mohammed

Aya Mohammed, born in 1991, from Port Said, holds a Bachelor's degree in Technology and Management Information Systems and a Master's degree in Business Administration.


Leave A Reply

Your email address will not be published.


All content published on the Nogoom Masrya website represents only the opinions of the authors and does not reflect in any way the views of Nogoom Masrya® for Electronic Content Management. The reproduction, publication, distribution, or translation of these materials is permitted, provided that reference is made, under the Creative Commons Attribution 4.0 International License. Copyright © 2009-2024 Nogoom Masrya®, All Rights Reserved.