Apple released Emergency safety updates to eliminate the new zero-day vulnerability that was operated in attacks on iPhone users and iPad. Apple reported that it was aware of the active error within iOS versions up to iOS 16.6.
The 0Day-vast CVE-2023-42824 was caused by an error in the nucleus XNU, allowing local users to increase privileges of vulnerable iPhones and iPads. While Apple claims to have resolved the issue by improving checks, the company has not disclosed the discoverer or reporter of the vulnerability.
The list of affected devices is extensive and includes:
- iPhone XS and later models.
- iPad Pro 12.9-inchs of the 2nd generation and later versions.
- iPad Pro 10.5-inch.
- iPad Pro 11-generation and later versions.
- 3rd generation iPad Air and later versions.
- iPad of the 6th generation and later versions.
- iPad mini of the 5th generation and later versions.
In addition, Apple recently eliminated another zero-day vulnerability caused by a buffer overflow error in the encoding of VP8 in the LibVPX video codec library. This vulnerability could allow hackers to execute arbitrary code after a successful operation. The LibVPX error had previously been resolved by Google and Microsoft in their web browsers and products.