Search here...
SUBSCRIBE
Security

Patch iPhones, iPads, Apple urges

Share post:

Howard Solomon
Howard Solomon
1 min.

Apple today released emergency patches for a wide range of iPhones and iPads.

Users should ensure their devices are running versions 17.0.3 of the operating systems.

The update closes two vulnerabilities:

— CVE-2023-42824, a hole in the kernel that could allow a local attacker to elevate their access privileges. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6,” the CVE notice says; 

— and CVE-2023-5217, a heap buffer overflow in Google Chrome’s libvpx library that could be triggered by a maliciously crafted HTML page.

Affected are

— iPhone XS and later;

— iPad Pro 12.9-inch 2nd generation and later

— iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later;

— iPad Air 3rd generation and later;

— iPad 6th generation and later;

— and iPad mini 5th generation and later.

This latest update follows the release last week of iOS 17.0.2. The previous week, Apple issued iOS/iPadOS 17.0.1 for iPhones and iPads to fix vulnerabilities stemming from the discovery by the University of Toronto’s Citizen Lab and Google of an iPhone zero-day exploit chain used to secretly install Cytox’s Predator spyware.

The post Patch iPhones, iPads, Apple urges first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Podcasts

Cyber Security Today, May 3, 2024 – North Korea exploits weak email DMARC settings, and the latest Verizon analysis of thousands of data breaches

This episode reports on warnings about threats from China, Russia and North Korea, the hack of Dropbox Sign's infrastructure
Podcasts

Hashtag Trending for World Password Day, Thursday, May 2nd, 2024

Security firm Okta warns of an unprecendented password stuffing attack that is piggybacking on regular user’s mobile and...
Security

Google Chrome’s new post-quantum cryptography causes connection issues

The latest update to Google Chrome, version 124, which integrates a new quantum-resistant encryption mechanism, has led to...
Security

UK legislation bans weak passwords

Starting Monday, the UK will enforce new laws banning the sale of devices with weak default passwords such...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways

Subscribe Now

Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Most Popular Categories
Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals - executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways

Subscribe