Apple released security updates on Wednesday to patch several zero-days for iOS and iPadOS 17.0.3.
The two updates: CVE-2023-42824 and CVE-2023-5217, are now available for “iPhone XS and later versions, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation or later, and iPad mini 5th generation or later.”
It is unknown who first tracked the vulnerabilities and reported them to the company or if the company found them by itself.
The vulnerability CVE-2023-42824 pertains specifically to iOS. Using this vulnerability, the attacker may be able to escalate their privileges and gain illegal access to the device.
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6,” Apple said regarding this vulnerability.
This update will also cater to the overheating issue of the iPhone. “This update provides important bug fixes and security updates and addresses an issue that may cause the iPhone to run warmer than expected,” said Apple.
Another vulnerability, CVE-2023-5217 fixes a flaw in the WebRTC open-source component, exploiting which an attacker can perform a buffer overflow attack, causing a range of disruptions from crashes to malicious code execution. This vulnerability could also be used to install spyware on the devices.
Google has already patched the CVE-2023-5217 vulnerability in September reported to the company by security researcher Clement Lecigne of the Google Threat Analysis Group (TAG).
In September this year, Apple fixed two zero days: CVE-2023-41061 and CVE-2023-41064, disclosed by Citizen Lab.
In March, Apple fixed another zero-day exploit, CVE-2023-23529, a vulnerability in the Webkit component.