Apple today released emergency patches for a wide range of iPhones and iPads.
Users should ensure their devices are running versions 17.0.3 of the operating systems.
The update closes two vulnerabilities:
— CVE-2023-42824, a hole in the kernel that could allow a local attacker to elevate their access privileges. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6,” the CVE notice says;
— and CVE-2023-5217, a heap buffer overflow in Google Chrome’s libvpx library that could be triggered by a maliciously crafted HTML page.
Affected are
— iPhone XS and later;
— iPad Pro 12.9-inch 2nd generation and later
— iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later;
— iPad Air 3rd generation and later;
— iPad 6th generation and later;
— and iPad mini 5th generation and later.
This latest update follows the release last week of iOS 17.0.2. The previous week, Apple issued iOS/iPadOS 17.0.1 for iPhones and iPads to fix vulnerabilities stemming from the discovery by the University of Toronto’s Citizen Lab and Google of an iPhone zero-day exploit chain used to secretly install Cytox’s Predator spyware.