Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is displaying no indicators of slowing down.
The Cupertino gadget maker on Wednesday rushed out a brand new patch to cowl a pair of significant vulnerabilities and warned that one of many points has already been exploited as zero-day within the wild.
In a barebones advisory, Apple stated the exploited CVE-2023-42824 kernel vulnerability permits a neighborhood attacker to raise privileges, suggesting it was utilized in an exploit chain in noticed assaults.
“Apple is conscious of a report that this situation might have been actively exploited in opposition to variations of iOS earlier than iOS 16.6,” the corporate stated with out offering extra particulars.
That is the sixteenth documented in-the-wild zero-day in opposition to Apple’s iOS, iPadOS and macOS-powered units, in keeping with information tracked by information.killnetswitch. Nearly all of these assaults have been attributed to mercenary adware distributors promoting surveillance merchandise.
The latest iOS 17.0.3 and iPadOS 17.0.3 updates additionally cowl a buffer overflow vulnerability in WebRTC that exposes cell units to arbitrary code execution assaults. The difficulty was addressed by updating to libvpx 1.13.1, Apple stated.
Apple is encouraging oft-targeted customers to allow Lockdown Mode to cut back publicity to mercenary adware exploits.
