
Apple Rolls Out iOS 17.0.3 to Plug Another ‘Actively Exploited’ Kernel Hole

Filip TRUȚĂ

October 05, 2023


iPhone and iPad users must deploy a new security update to fend off potential hacker attacks, according to a new advisory from Cupertino, California.

Apple this week is rolling out iOS 17.0.3 and iPadOS 17.0.3 to address two security flaws, one of which is said to be under active exploitation in the wild.

“A local attacker may be able to elevate their privileges,” the tech giant explains, describing a critical Kernel flaw tracked as CVE-2023-42824. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.”

Going by the description, this weakness may only work as part of a wider exploit chain, but apparently it’s serious enough to warrant an emergency security update.

Spyware operators typically weave together different exploits to deploy their malware onto vulnerable devices.

The most recent attack occurred last month, when politically motivated threat actors exploited multiple flaws in iOS to infect a high-profile target’s iPhone with Predator spyware, as researchers at The Citizen Lab reported.

This week’s update addresses a second bug as well. Tracked as CVE-2023-5217, this WebRTC flaw is a buffer overflow that may allow an attacker to achieve “arbitrary code execution,” according to Apple’s notice. Unlike the Kernel weakness, this security hole isn’t known to be actively exploited by threat actors.

As unpatched bugs on Apple platforms are frequently weaponized by threat actors, Bitdefender strongly recommends making all security updates a priority as the vendor makes them available.

On your iPhone or iPad, visit Settings -> General -> Software Update. Allow your iDevice to fetch the goods from Apple’s servers, then choose Download and Install.

When in doubt, use the trusty Lockdown Mode available from iOS 16 and macOS Ventura onwards. Last but not least, consider deploying a dedicated security solution to fend off the vast array of threats in today’s digital landscape.


Author


Filip TRUȚĂ

Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
