Apple has released iOS and iPadOS updates to fix a local privilege escalation kernel vulnerability (CVE-2023-42824) that has been actively exploited in attacks, potentially by commercial spyware vendors.

Apple Releases iOS 16 Update to Patch Exploited Vulnerability

Apple has released updates for iOS and iPadOS to fix a kernel vulnerability that has been exploited in attacks. The vulnerability, known as CVE-2023-42824, is a local privilege escalation issue and has likely been used as part of an exploit chain. Apple has not provided details about the attacks or the entity that reported the vulnerability. However, similar iOS flaws that have been exploited in the past have been used by commercial spyware vendors. The updates, iOS 16.7.1 and iPadOS 16.7.1, are meant for devices that have not yet been updated to the latest versions. Google researchers have discovered and analyzed many of the zero-day vulnerabilities affecting Apple software, with nine iOS vulnerabilities being exploited in 2023. These vulnerabilities are often used in zero-click exploit chains to deliver spyware to iPhones, usually targeting human rights, civil society, or media organizations of interest to authoritarian regimes that hire spyware vendors.



Back to Home

Comments

  • No comments yet.

Comment