Apple Deploys Security Patches for Aging iPhone and iPad Models Following Recent Cybersecurity Exploits

 


Apple has recently released security updates for older iPhone and iPad models to address two critical vulnerabilities that had been exploited in cyberattacks. The company's security bulletin noted that these vulnerabilities may have been actively exploited in the wild prior to the release of iOS version 16.6.


The first of these vulnerabilities, identified as CVE-2023-42824, is a privilege escalation flaw rooted in a weakness within the XNU kernel. This flaw could potentially allow attackers to gain elevated privileges on iPhones and iPads that have not received the necessary patches. Apple has addressed this issue in iOS 16.7.1 and iPadOS 16.7.1 by implementing improved security checks. The discoverer of this vulnerability has not been disclosed by Apple.


The second vulnerability, identified as CVE-2023-5217, is related to a cache capacity bypass problem in the VP8 codec found within the open-source libvpx video encoding library. Exploiting this vulnerability could enable malicious actors to execute arbitrary code. While Apple has not confirmed any real-world exploitation, Google had previously patched this vulnerability as a zero-day in its Chrome web browser. Microsoft has also addressed this security issue in its Edge web browser, Teams video conferencing service, and Skype instant messaging service.


The discovery of the second vulnerability was credited to security engineer Clément Lecigne, a member of Google's Threat Analysis Group. This group focuses on identifying and reporting zero-day vulnerabilities exploited by nation-state-backed threat actors in highly targeted attacks. These attacks are primarily aimed at installing spyware on the devices of at-risk individuals, including journalists, opposition politicians, and defectors globally.


The devices affected by these two widespread zero-day vulnerabilities include the iPhone 8 and later, all iPad Pro models, iPad Air models from the third generation onward, iPad models from the fifth generation onward, and iPad Mini models from the fifth generation onward.
