Apple Patches iPhone, iPad Zero-Days Actively Exploited to Hack Devices
-
Apple released security updates for older iPhones/iPads to address 2 zero-day vulnerabilities being exploited in attacks. The bugs allow privilege escalation and arbitrary code execution.
-
The first zero-day is a kernel vulnerability tracked as CVE-2023-42824. The second is a heap buffer overflow in the libvpx video codec library, CVE-2023-5217.
-
Google researcher Clément Lecigne discovered the libvpx bug, which was exploited as a zero-day in Chrome before being patched. Microsoft also addressed it in Edge, Teams, and Skype.
-
The updates impact iPhone 8 and later, various iPad models, going back to iPad Air 3rd gen and iPad 5th gen.
-
So far this year, Apple has patched 18 zero-days exploited in the wild to target iPhones and Macs.