Apple has released security patches to address a zero-day flaw actively exploited in iOS and iPadOS. Identified as CVE-2023-42824, this kernel vulnerability could allow local attackers to elevate their privileges. Apple has rectified the issue with enhanced checks and has acknowledged reports of active exploitation against versions prior to iOS 16.6. The specifics of the attacks and the identities of the threat actors remain undisclosed. Successful exploitation likely requires attackers to have an initial foothold.
Additionally, Apple’s update addresses CVE-2023-5217, which affects the WebRTC component. This vulnerability, described by Google, is a heap-based buffer overflow in the VP8 compression format in libvpx. The patches, iOS 17.0.3 and iPadOS 17.0.3, are available for devices including iPhone XS and later, various iPad Pro models, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
This year, Apple has addressed 17 actively exploited zero-days. The latest patches come two weeks after Apple fixed three vulnerabilities (CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993). These were reportedly exploited by Israeli spyware vendor Cytrox to deploy the Predator malware on the iPhone of former Egyptian MP Ahmed Eltantawy. Notably, CVE-2023-41992 is also a kernel flaw allowing privilege escalation. It’s unclear if CVE-2023-42824 is related or a patch bypass for CVE-2023-41992.
A recent analysis by Sekoia discovered infrastructure similarities between Cytrox customers and another spyware company, Candiru. Both might be using similar spyware technologies. Sekoia noted that Lycantrox's infrastructure comprises virtual private servers (VPS) hosted across various autonomous systems. Users potentially at risk are advised to enable Lockdown Mode to minimize exposure to such spyware exploits.
Source: The Hacker News
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try it yourself using check.website.