Apple has released iOS and iPadOS updates to patch a kernel vulnerability that has been exploited in attacks.
The flaw, tracked as CVE-2023-42824, has been described as a local privilege escalation issue, which suggests it has been used as part of an exploit chain.
Apple has not shared any information on the attacks or the entity that reported the vulnerability. However, many of the recently patched iOS flaws that have been exploited in the wild have been leveraged by commercial spyware vendors.
The tech giant first warned customers about CVE-2023-42824 and its active exploitation on October 4, when it announced a patch with the release of iOS 17.0.3.
The company noted at the time that exploitation had been seen against devices running iOS versions prior to 16.6. It has now released iOS 16.7.1 and iPadOS 16.7.1 to deliver the patches to devices that have not been updated to version 17 of the mobile operating systems.
Many of the zero-days affecting Apple software were discovered or analyzed by researchers at Google. The internet giant is aware of nine exploited iOS vulnerabilities found in 2023.
These security flaws are often included in zero-click exploit chains that are used to deliver spyware to iPhones. The targets are typically human rights, civil society or media entities that present an interest to authoritarian or totalitarian regimes that contract the services of mercenary spyware vendors.
Related: macOS 14 Sonoma Patches 60 Vulnerabilities
Related: Details Emerge on Israeli Spyware Vendor QuaDream and Its iOS Malware
Related: After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery
