Apple’s wait-and-see approach and its struggles with zero-day vulnerabilities on its flagship iOS platform are showing no signs of slowing down. On Wednesday, it rushed out a new patch to cover a zero-day vulnerability. Apple warned that one of the issues has already been exploited as a zero-day in the wild.
In a barebones advisory, Apple said the exploited CVE-2023-42824 kernel vulnerability allows a local attacker to elevate privileges, suggesting it was used in an exploit chain in observed attacks.
Apple zero day vulnerability
Initial reports claimed that the iPhone 15 Pro’s new Apple A17 Pro chip, its new 3 nm manufacturing process, and/or the phone’s new titanium frame could be causing or exacerbating the heat problems. Apple has denied these claims. Even after the Apple zero-day patch, you can still expect a new iPhone to run a bit warm during and immediately after initial setup, because it downloads apps and data and performs other background tasks.
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6,” the company said without providing additional details.
Zero day exploit
This is the 16th documented in-the-wild zero-day exploit against Apple’s iOS, iPadOS and macOS-powered devices, according to data tracked by SecurityWeek. The majority of these attacks have been attributed to mercenary spyware vendors selling surveillance products.
The newest iOS 17.0.3 and iPadOS 17.0.3 updates also cover a buffer overflow vulnerability in WebRTC that exposes mobile devices to arbitrary code execution attacks. The issue was addressed by updating to libvpx 1.13.1, Apple said.
Apple is encouraging oft-targeted users to enable Lockdown Mode to reduce exposure to mercenary spyware exploits.
Apple zero day patch
When Apple released its statement about iPhone 15 Pro overheating issues earlier this week, the company indicated that an iOS update would be able to partially address that issue. That update has arrived today in the form of iOS 17.0.3, an update which claims to address “an issue that may cause iPhone to run warmer than expected,” as well as patching a pair of security vulnerabilities.
Apple also said that specific apps like Instagram and Uber were causing phones to heat up and that it was working with developers on fixes.
Continued minor updates by Apple
This is the third minor update Apple has released for iOS 17 in the last three weeks. Version 17.0.1 also patched security flaws, while version 17.0.2 resolved a bug that could cause problems for people transferring data from an older iPhone to a new iPhone 15 or iPhone 15 Pro. The 17.0.2 update was initially only released for the iPhone 15 models, but Apple released it for all iPhone and iPad users a few days later.
The first major update to iOS 17, version 17.1, is currently in beta testing. So far, it mostly seems to refine a few of iOS 17’s new features, including the StandBy smart display mode—MacRumors has a good roundup of the changes. If Apple follows its usual schedule, the 17.1 update should roll out for all iPhone and iPad users within the next few weeks.