Exploits and vulnerabilities | News

Update now! Apple patches vulnerabilities on iPhone and iPad

Posted: October 5, 2023 by Pieter Arntz

Apple has released iOS 17.0.3, an emergency update fixing two vulnerabilities, one of which has already been exploited by cybercriminals.

The update is available for iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.

The updates may already have reached you, but it doesn’t hurt to check you’re on the latest version of iOS. Here’s how:

  1. Go to Settings > General, then tap Software Update.
  2. If an update is available it will ask if you want to update now tonight. Chose Update Now.
  3. Enter your passcode, then tap Install Now.

Setting your device to update automatically is really the best way to stay on top of any vulnerabilities. Here’s how:

  1. Go to Settings > General, then tap Software Update.
  2. Tap Automatic Updates
  3. Toggle the settings to all be on.

Technical details

The CVEs patched in these updates are:

CVE-2023-42824: A vulnerability in the kernel. Exploitation would allow a local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6. The issue was addressed with improved checks.

CVE-2023-5217: A heap buffer overflow in vp8 encoding in libvpx prior to 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. A buffer overflow is a type of software vulnerability that exists when an area of memory within a software application reaches its address boundary and writes into an adjacent memory region. In software exploit code, two common areas that are targeted for overflows are the stack and the heap. A buffer overflow may result in arbitrary code execution. The issue was addressed by updating to libvpx 1.13.1.

The vulnerability in libvpx impacted other applications as well, including Chrome, Edge, and other Chromium browsers.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

RELATED ARTICLES

TikTok logo
News | Personal

TikTok comes one step closer to a US ban

April 24, 2024 - The US Senate has approved a bill that will ban TikTok, unless it finds a new owner, bringing it one step closer to being signed into law.

CONTINUE READING 0 Comments
UnitedHealth Group logo
News | Personal

“Substantial proportion” of Americans may have had health and personal data stolen in Change Healthcare breach

April 23, 2024 - UnitedHealth has made an announcement about the stolen data in the ransomware attack on subsidiary Change Healthcare.

CONTINUE READING 0 Comments
The Lock and Code logo, which includes the Malwarebytes Labs insignia ensconced in a pair of headphones
Podcast

Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09

April 22, 2024 - This week on the Lock and Code podcast, we speak with Justin Brookman about past consumer wins in the tech world, and how to avoid despair.

CONTINUE READING 0 Comments
Discord logo
News | Privacy

Billions of scraped Discord messages up for sale

April 22, 2024 - An internet scraping platform is offering access to a database filled with over four billion Discord messages and combined user profiles.

CONTINUE READING 0 Comments
week in security
News

A week in security (April 15 – April 21)

April 22, 2024 - A list of topics we covered in the week of April 15 to April 21 of 2024

CONTINUE READING 0 Comments

ABOUT THE AUTHOR

Pieter Arntz

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams