Apple released emergency security updates to address a new zero-day vulnerability, tracked as CVE-2023-42824, that is exploited in attacks targeting iPhone and iPad devices.
The vulnerability is a privilege escalation issue that resides in the kernel; Apple addressed it with improved checks.
“A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6,” reads the advisory published by the company.
The vulnerability impacts iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
The IT giant also addressed a buffer overflow issue, tracked as CVE-2023-5217, in WebRTC that may result in arbitrary code execution.
The company addressed the vulnerability by updating to libvpx 1.13.1.
The flaw was discovered by security researcher Clément Lecigne from Google’s Threat Analysis Group (TAG).
Last week, Google also released security updates to address the actively exploited vulnerability CVE-2023-5217.
Apple has already patched 16 actively exploited zero-day vulnerabilities in 2023. Below is the list of the flaws fixed by the company: