Apple today released emergency patches for a wide range of iPhones and iPads.
Users should ensure their devices are running versions 17.0.3 of the operating systems.
The update closes two vulnerabilities:
— CVE-2023-42824, a hole in the kernel that could allow a local attacker to elevate their access privileges. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6,” the CVE notice says;
— and CVE-2023-5217, a heap buffer overflow in Google Chrome’s libvpx library that could be triggered by a maliciously crafted HTML page.
Affected are
— iPhone XS and later;
— iPad Pro 12.9-inch 2nd generation and later
— iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later;
— iPad Air 3rd generation and later;
— iPad 6th generation and later;
— and iPad mini 5th generation and later.
This latest update follows the release last week of iOS 17.0.2. The previous week, Apple issued iOS/iPadOS 17.0.1 for iPhones and iPads to fix vulnerabilities stemming from the discovery by the University of Toronto’s Citizen Lab and Google of an iPhone zero-day exploit chain used to secretly install Cytox’s Predator spyware.
Howard Solomon
Currently a freelance writer. Former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC’s sister publications, including ITBusiness.ca. Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : ITBusiness.ca – https://www.itbusiness.ca/news/patch-iphones-ipads-apple-urges/126259