⚠ Actively exploited
Added to CISA KEV on 2023-10-05. Federal agencies required to patch by 2023-10-26. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2023-42824Apple IOS AND Ipados vulnerability

16 documents7 sources
Severity
7.8HIGHNVD
EPSS
1.0%
top 23.41%
CISA KEV
KEV
Added 2023-10-05
Due 2023-10-26
Exploit
Exploited in wild
Active exploitation observed
Affected products
5
Apple IOS AND IpadosApple IpadosApple Iphone OS+2 more
Timeline
PublishedOct 4
KEV addedOct 5
KEV dueOct 26
Latest updateMar 11
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDapple/ipados17.017.0.3+1
CVEListV5apple/ios_and_ipadosunspecified16.7
NVDapple/iphone_os17.017.0.3+1

🔴Vulnerability Details

2
GHSA
GHSA-3rg4-6v45-69gj: The issue was addressed with improved checks2023-10-04
VulnCheck
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability2023

📋Vendor Advisories

3
Apple
CVE-2023-42824: iOS 16.7.1 and iPadOS 16.7.12023-10-10
CISA
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability2023-10-05
Apple
CVE-2023-42824: iOS 17.0.3 and iPadOS 17.0.32023-10-04

🕵️Threat Intelligence

10
Bleepingcomputer
Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks2025-03-11
Bleepingcomputer
Apple fixes zero-day exploited in 'extremely sophisticated' attacks2025-02-10
Bleepingcomputer
Apple fixes this year’s first actively exploited zero-day bug2025-01-27
Bleepingcomputer
Apple fixes two zero-days used in attacks on Intel-based Macs2024-11-19
Bleepingcomputer
Apple fixes first zero-day bug exploited in attacks this year2024-01-22