Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Apple Releases iOS 16 Update to Patch Exploited Vulnerability 

Apple has released iOS 16.7.1 and iPadOS 16.7.1 to patch CVE-2023-42824, a kernel vulnerability that has been exploited in attacks.

Apple patches exploited iOS zero-day

Apple has released iOS and iPadOS updates to patch a kernel vulnerability that has been exploited in attacks.

The flaw, tracked as CVE-2023-42824, has been described as a local privilege escalation issue, which suggests it has been used as part of an exploit chain. 

Apple has not shared any information on the attacks or the entity that reported the vulnerability. However, many of the recently patched iOS flaws that have been exploited in the wild have been leveraged by commercial spyware vendors

The tech giant first warned customers about CVE-2023-42824 and its active exploitation on October 4, when it announced a patch with the release of iOS 17.0.3

The company noted at the time that exploitation had been seen against devices running iOS versions prior to 16.6. It has now released iOS 16.7.1 and iPadOS 16.7.1 to deliver the patches to devices that have not been updated to version 17 of the mobile operating systems. 

Many of the zero-days affecting Apple software were discovered or analyzed by researchers at Google. The internet giant is aware of nine exploited iOS vulnerabilities found in 2023. 

These security flaws are often included in zero-click exploit chains that are used to deliver spyware to iPhones. The targets are typically human rights, civil society or media entities that present an interest to authoritarian or totalitarian regimes that contract the services of mercenary spyware vendors. 

Related: macOS 14 Sonoma Patches 60 Vulnerabilities

Advertisement. Scroll to continue reading.

Related: Details Emerge on Israeli Spyware Vendor QuaDream and Its iOS Malware

Related: After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.