CarderPlanet
Professional
- Messages
- 2,552
- Reaction score
- 678
- Points
- 83
Apple urgently fixes a bug that allows you to take control of the device.
Apple has released emergency security updates to address a new zero-day vulnerability that was exploited in attacks on iPhone and iPad users. In an official statement, Apple said that it is aware of the active exploitation of the bug in iOS versions prior to iOS 16.6.
0day-vulnerability CVE-2023-42824 is caused by a bug in the XNU kernel that allows a local user to increase privileges on vulnerable iPhones and iPads. While Apple claims to have fixed the issue by improving the checks, the company has not yet revealed who discovered and reported the flaw.
The list of affected devices is very extensive and includes:
In addition, Apple recently fixed another zero-day vulnerability caused by a heap buffer overflow error in the VP8 encoding of the open video codec library libvpx, which could allow a hacker to execute arbitrary code after successful exploitation. The libvpx bug was previously fixed by Google and Microsoft in their web browsers and products.
Apple has released emergency security updates to address a new zero-day vulnerability that was exploited in attacks on iPhone and iPad users. In an official statement, Apple said that it is aware of the active exploitation of the bug in iOS versions prior to iOS 16.6.
0day-vulnerability CVE-2023-42824 is caused by a bug in the XNU kernel that allows a local user to increase privileges on vulnerable iPhones and iPads. While Apple claims to have fixed the issue by improving the checks, the company has not yet revealed who discovered and reported the flaw.
The list of affected devices is very extensive and includes:
- iPhone XS and later models.
- iPad Pro 12.9-inch 2nd generation and later.
- iPad Pro 10.5-inch.
- iPad Pro 11-inch 1st generation and later.
- iPad Air 3rd generation and later.
- iPad 6th generation and later versions.
- iPad mini 5th generation and later versions.
In addition, Apple recently fixed another zero-day vulnerability caused by a heap buffer overflow error in the VP8 encoding of the open video codec library libvpx, which could allow a hacker to execute arbitrary code after successful exploitation. The libvpx bug was previously fixed by Google and Microsoft in their web browsers and products.
