Apple releases Critical Updates for Known Exploited vulnerabilities - 20231009001¶
Overview¶
Apple has released critical security updates to address vulnerabilities in iOS and iPadOS that may be exploited by attackers.
What is the vulnerability?¶
CVE-2023-42824 - CVSS v3 Base Score: 7.8 - Kernel
- A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.
CVE-2023-5217 - CVSS v3 Base Score: 8.8 - WebRTC
- A buffer overflow may result in arbitrary code execution on affected devices.
What is vulnerable?¶
The vulnerability affects the following products:
- iOS versions prior to 17.0.3
- iPadOS versions prior to 17.0.3
Updates are available to the following devices:
- iPhone XS and later
- iPad Pro 12.9-inch 2nd generation and later
- iPad Pro 10.5-inch
- iPad Pro 11-inch 1st generation and later
- iPad Air 3rd generation and later
- iPad 6th generation and later
- iPad mini 5th generation and later
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):
- [Vendor URL](Vendor URL)