October 12, 2023 at 10:21AM
Apple has released iOS and iPadOS updates to patch a kernel vulnerability (CVE-2023-42824) that has been actively exploited in attacks. The flaw is a local privilege escalation issue, which indicates it may have been used as part of an exploit chain. Although Apple has not provided details about the attacks or the entity that reported the vulnerability, similar iOS flaws have been exploited by commercial spyware vendors. The tech giant initially warned about the vulnerability on October 4 and has now released patches for devices running older iOS versions. These zero-day exploits are often used to deliver spyware to targets such as human rights organizations, civil society, or media entities of interest to authoritarian regimes. Google researchers have discovered or analyzed many of the vulnerabilities affecting Apple software.
Key Takeaways:
1. Apple has released updates for iOS and iPadOS to fix a kernel vulnerability that has been exploited in attacks.
2. The vulnerability, known as CVE-2023-42824, is a local privilege escalation issue and has likely been used as part of an exploit chain.
3. Apple has not disclosed any specific information about the attacks or the entity that reported the vulnerability.
4. Previously, many of the iOS vulnerabilities that were exploited in the wild were abused by commercial spyware vendors.
5. The company first alerted users about CVE-2023-42824 and ongoing exploitation on October 4, along with the release of iOS 17.0.3.
6. Exploitation has been observed on devices running iOS versions prior to 16.6.
7. For devices that have not been updated to iOS 17, Apple has released iOS 16.7.1 and iPadOS 16.7.1 with the necessary patches.
8. Google researchers have discovered or analyzed multiple zero-day vulnerabilities affecting Apple software, including nine exploited iOS vulnerabilities in 2023.
9. These security flaws are often part of zero-click exploit chains utilized to deliver spyware to iPhones.
10. The targets of such attacks are typically individuals or entities related to human rights, civil society, or media that are of interest to authoritarian or totalitarian regimes that engage mercenary spyware vendors.