Apple users need to rush to update their devices once again. A month after patching two actively exploited iOS vulnerabilities, Apple has now released an emergency update addressing another zero-day under attack.
iOS 17.0.3 Fixes Privilege Escalation Zero-Day Under Attack
According to a recent advisory, Apple has addressed two severe vulnerabilities affecting its iOS devices with the latest update. The patches arrive as an emergency update because the tech giant found one of them, a zero-day allowing elevated access on target iOS devices, under attack in the wild.
Describing the vulnerabilities, the advisory marks the first one, CVE-2023-42824, as the actively exploited issue, with the attacks targeting devices running versions prior to iOS 16.6. Exploiting the flaw could allow a local attacker to gain elevated privileges on affected devices. Apple patched the flaw with improved checks in the recent update.
The second vulnerability, CVE-2023-5217, is a known security flaw allowing remote code execution. This buffer overflow vulnerability recently gained the attention of researchers from Google’s Threat Analysis Group (TAG) and The Citizen Lab, as they noticed active exploitation of the flaw with other iOS vulnerabilities to deploy the Predator spyware.
This vulnerability exists in the open-source libvpx video codec library, and since it became known, vendors have separately patched the flaw in their products. Google and Microsoft addressed it first in their Chrome and Edge browsers, respectively, and now Apple has patched the flaw by updating to libvpx 1.13.1.
Apple Also Fixed The iPhone 15 Overheating Issue
Alongside the security fixes, iOS 17.0.3 also addresses a major performance issue with iPhones. Users of iPhone 15 devices running earlier iOS versions (up to 17.0.2) have complained about overheating, and Apple has addressed that problem with this update.
So now, iPhone users need to update their devices (once again) with the latest OS updates to receive the relevant security and performance fixes.