Carding 4 Carders
Professional
Active support six years after the release — keep it up, Cupertino.
Apple has released security updates for older versions of the iPhone and iPad to add patches released earlier to fix two zero-day vulnerabilities exploited in real-world attacks.
In an official statement, Apple said: "Apple is aware of a report stating that this issue may have been actively used in iOS versions prior to iOS 16.6."
The first vulnerability with the identifier CVE-2023-42824, which we wrote about in early October, is a privilege escalation vulnerability caused by a weakness in the XNU kernel. The issue was fixed in iOS 16.7.1 and iPadOS 16.7.1.
The second vulnerability (CVE-2023-5217 ) is related to a buffer overflow in the VP8 encoding of the libvpx library. It can allow attackers to execute arbitrary code. Although Apple has not confirmed the exploitation of this vulnerability, Google has previously fixed a similar bug in the Chrome browser, and Microsoft-in Edge, Teams and Skype.
Among the devices that were affected by the two aforementioned vulnerabilities, and for which fixes from Apple are now available:
Last week, CISA added these security flaws to its catalog of known exploited vulnerabilities, instructing federal agencies to protect their devices from incoming attacks.
Since the beginning of the year, Apple has already eliminated 18 zero-day vulnerabilities that were widely used for attacks on iOS, iPadOS and macOS.
Apple has released security updates for older versions of the iPhone and iPad to add patches released earlier to fix two zero-day vulnerabilities exploited in real-world attacks.
In an official statement, Apple said: "Apple is aware of a report stating that this issue may have been actively used in iOS versions prior to iOS 16.6."
The first vulnerability with the identifier CVE-2023-42824, which we wrote about in early October, is a privilege escalation vulnerability caused by a weakness in the XNU kernel. The issue was fixed in iOS 16.7.1 and iPadOS 16.7.1.
The second vulnerability (CVE-2023-5217 ) is related to a buffer overflow in the VP8 encoding of the libvpx library. It can allow attackers to execute arbitrary code. Although Apple has not confirmed the exploitation of this vulnerability, Google has previously fixed a similar bug in the Chrome browser, and Microsoft-in Edge, Teams and Skype.
Among the devices that were affected by the two aforementioned vulnerabilities, and for which fixes from Apple are now available:
- iPhone 8 and later models;
- iPad Pro (all models), iPad Air 3 and later, iPad generation 5 and later, iPad mini generation 5 and later.
Last week, CISA added these security flaws to its catalog of known exploited vulnerabilities, instructing federal agencies to protect their devices from incoming attacks.
Since the beginning of the year, Apple has already eliminated 18 zero-day vulnerabilities that were widely used for attacks on iOS, iPadOS and macOS.
