Apple Patches iPhone, iPad Zero-Days Actively Exploited to Hack Devices

Apple released security updates for older iPhones/iPads to address 2 zero-day vulnerabilities being exploited in attacks. The bugs allow privilege escalation and arbitrary code execution.

The first zero-day is a kernel vulnerability tracked as CVE-2023-42824. The second is a heap buffer overflow in the libvpx video codec library, CVE-2023-5217.

Google researcher Clément Lecigne discovered the libvpx bug, which was exploited as a zero-day in Chrome before being patched. Microsoft also addressed it in Edge, Teams, and Skype.

The updates impact iPhone 8 and later, various iPad models, going back to iPad Air 3rd gen and iPad 5th gen.

So far this year, Apple has patched 18 zero-days exploited in the wild to target iPhones and Macs.