Apple moves on kernel bug

By

May have been exploited in the wild.

Apple has rushed out an emergency patch for a vulnerability it says may have been exploited.

Apple moves on kernel bug

In its typically tight-lipped advisory, Apple did not detail the nature of the vulnerability, which is designated CVE-2023-42824.

It says only that the issue affects “iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later”.

It’s a local privilege escalation vulnerability in the kernel, which “may have been actively exploited against versions of iOS before iOS 16.6.”

The emergency patch also includes mitigation of a second vulnerability, CVE-2023-5217.

This vulnerability is a bug in the libvpx video codec library from Google and the Alliance for Open Media.

It’s a heap buffer overflow and according to Mozilla, was first reported by Clément Lecigne of Google’s Threat Analysis Group.

“Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process,” resulting in remote code execution, Mozilla’s advisory stated.

Mozilla said it was aware of the issue being exploited “in other products in the wild”.

Apple’s advisory said the issue was addressed by updating to libvpx 1.13.1.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Eagers Automotive finds unauthorised access to parts of IT systems

Eagers Automotive finds unauthorised access to parts of IT systems

Hackers hit Victoria's court recording database

Hackers hit Victoria's court recording database

St Vincent's Health Australia warns cyber attack forensics could "take some time"

St Vincent's Health Australia warns cyber attack forensics could "take some time"

Yakult Australia confirms cyber incident

Yakult Australia confirms cyber incident

Log In

  |  Forgot your password?