cbcvebase.
CVE-2023-42824
published 2023-10-04

CVE-2023-42824: The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges…

PriorityP181high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2023-10-26
Exploited in the wild
EPSS
0.94%
56.5th percentile
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.

Affected

7 ranges
VendorProductVersion rangeFixed in
appleios_16.7.1_and_ipados
appleios_17.0.3_and_ipados
appleios_and_ipados>= unspecified < 16.716.7
appleipados< 16.7.116.7.1
appleipados>= 17.0 < 17.0.317.0.3
appleiphone_os< 16.7.116.7.1
appleiphone_os>= 17.0 < 17.0.317.0.3

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2023-42824 is a local privilege escalation vulnerability in the Apple iOS/iPadOS kernel that was actively exploited in the wild against versions of iOS before iOS 16.6. Detection should focus on unexpected privilege escalation events on iOS/iPadOS devices running versions prior to 16.6.
  • Devices running iOS or iPadOS versions prior to 16.7.1 or 17.0.3 should be treated as potentially vulnerable and prioritized for patching or MDM-based compliance enforcement.
  • ·The vulnerability is described as 'unspecified' with no public technical details about the root cause or exploitation mechanism, limiting the ability to write precise behavioral detection rules.
  • ·Exploitation requires local access to the device; remote exploitation has not been reported, which constrains the attack surface to scenarios where an adversary already has physical or logical access.

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck7.8HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.