Yoodley is reader-supported. When you buy through links on our site, we may earn an affiliate commission.
Apple has a new update for iOS users, particularly for iPhone 8 and later devices. The release comes with security fixes for two issues spotted in the system: CVE-2023-42824 and CVE-2023-5217. The Cupertino giant believes the former “may have been actively exploited.”
The release comes with iPadOS 16.7.1 and can now be downloaded by iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later. It is also important to note that it also covers iPhone devices that haven’t updated to iOS 17 yet.
The update addresses issues related to the Kernel and WebRTC. According to the company, the problem in the former is an actively exploited vulnerability and could lead to privilege elevation. Meanwhile, Apple shared that the WebRTC issue could lead to arbitrary code execution. With this, updating all compatible devices as soon as possible is suggested.
Here is the complete detail of the security notes of the release:
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.
Description: The issue was addressed with improved checks.
CVE-2023-42824
WebRTC
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact: A buffer overflow may result in arbitrary code execution
Description: The issue was addressed by updating to libvpx 1.13.1.
WebKit Bugzilla: 262365
CVE-2023-5217