On Wednesday, Apple swiftly released crucial security updates to address a newly discovered zero-day vulnerability in iOS and iPadOS. The company confirmed that this vulnerability was already under active exploitation in real-world scenarios.
This kernel vulnerability, designated as CVE-2023-42824, had the potential to be exploited by a local attacker, granting them elevated privileges. Apple, the manufacturer of iPhones, emphasized that it had implemented enhanced security checks to resolve this issue effectively.
[FREE E-BOOK] The Definite Blueprint for Cybersecurity in Manufacturing
In a concise advisory, Apple acknowledged being “aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.”
While specifics regarding the nature of the attacks and the identity of threat actors remain unclear, successful exploitation of these vulnerabilities undoubtedly necessitates that the attacker has already established a foothold using another method.
Apple’s most recent patch also addresses CVE-2023-5217, identified by Google last week as a heap-based buffer overflow within the VP8 compression format in libvpx, impacting the WebRTC component.
The updates, iOS 17.0.3 and iPadOS 17.0.3, are now available for the following devices:
- iPhone XS and later models
- iPad Pro 12.9-inch and later models
- iPad Pro 10.5-inch and later models
- iPad Pro 11-inch and later models
- iPad Air 3rd generation and later models
- iPad 6th generation and later models
- iPad mini 5th generation and later models
Since the start of this year, Apple has been proactive in addressing security concerns, effectively fixing a total of 17 actively exploited zero-day vulnerabilities within its software.
This recent update comes just two weeks after Cupertino released patches to tackle three critical issues (CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993). These vulnerabilities were allegedly exploited by an Israeli spyware firm named Cytrox, targeting an iPhone belonging to Ahmed Eltantawy, a former Egyptian lawmaker, with the Predator malware earlier this year.
It’s worth noting that CVE-2023-41992 relates to a kernel flaw, offering a potential pathway for local attackers to escalate privileges.
Currently, the exact relationship between these two vulnerabilities and whether CVE-2023-42824 serves as a patch bypass for CVE-2023-41992 remains unknown, raising important questions within the cybersecurity community.
A recent investigation by Sekoia revealed that consumers of Cytrox (also known as Lycantrox) and Candiru (also known as Karkadann), both commercial spyware companies, shared infrastructure in December 2021. This was likely due to the common usage of spyware technologies by both companies.
The French cybersecurity firm outlined that each customer seems to operate their own instances of Virtual Private Servers (VPS) and manages domain names associated with them. They noted, “The infrastructure utilized by Lycantrox comprises VPS hosted across multiple autonomous systems.”
To enhance their defence against mercenary spyware attacks, users who might be potential targets should consider enabling Lockdown Mode, a precautionary measure to reduce susceptibility to such threats.
MANAGED CYBERSECURITY SOLUTIONS
Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.