Apple Releases Security Updates for Older iPhones and iPads

Apple has released security updates for older versions of iPhones and iPads to patch two zero-day vulnerabilities that were previously fixed in newer devices and had been exploited in real-world attacks.

According to Apple’s official statement: “Apple is aware of a report that this issue may have been actively exploited in versions of iOS before iOS 16.6.”

Details of the Vulnerabilities

  • CVE-2023-42824: This is a privilege escalation vulnerability caused by a weakness in the XNU kernel. The issue was fixed in iOS 16.7.1 and iPadOS 16.7.1.
  • CVE-2023-5217: This vulnerability is related to a buffer overflow in the VP8 encoding of the libvpx library, which could allow attackers to execute arbitrary code. While Apple has not confirmed active exploitation of this vulnerability, Google previously fixed a similar bug in Chrome, and Microsoft addressed it in Edge, Teams, and Skype.

Affected Devices

The following devices were at risk from these vulnerabilities and now have available patches from Apple:

  • iPhone 8 and later models
  • All models of iPad Pro
  • iPad Air (3rd generation and later)
  • iPad (5th generation and later)
  • iPad mini (5th generation and later)

Additional Information

Last week, CISA added these security flaws to its catalog of known exploited vulnerabilities, requiring federal agencies to protect their devices from potential attacks.

Since the beginning of the year, Apple has already fixed 18 zero-day vulnerabilities that were widely used in attacks targeting iOS, iPadOS, and macOS.
