Patch iPhones, iPads, Apple urges

Share post:

Apple today released emergency patches for a wide range of iPhones and iPads.

Users should ensure their devices are running versions 17.0.3 of the operating systems.

The update closes two vulnerabilities:

— CVE-2023-42824, a hole in the kernel that could allow a local attacker to elevate their access privileges. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6,” the CVE notice says; 

— and CVE-2023-5217, a heap buffer overflow in Google Chrome’s libvpx library that could be triggered by a maliciously crafted HTML page.

Affected are

— iPhone XS and later;

— iPad Pro 12.9-inch 2nd generation and later

— iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later;

— iPad Air 3rd generation and later;

— iPad 6th generation and later;

— and iPad mini 5th generation and later.

This latest update follows the release last week of iOS 17.0.2. The previous week, Apple issued iOS/iPadOS 17.0.1 for iPhones and iPads to fix vulnerabilities stemming from the discovery by the University of Toronto’s Citizen Lab and Google of an iPhone zero-day exploit chain used to secretly install Cytox’s Predator spyware.

The post Patch iPhones, iPads, Apple urges first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

FBI rapidly hacks into Trump shooter’s phone, raises privacy concerns

Just two days after the attempted assassination at a Trump rally, the FBI announced it had gained access...

Disney investigating a potential major leak of internal communications

Disney is investigating a significant data breach by the hacking group Nullbulge, which claims to have accessed and...

Kaspersky to shut down its US business due to sanctions

Russian cybersecurity firm Kaspersky Lab announced it will cease its U.S. operations starting July 20, following sanctions from...

Google’s Gemini AI caught scanning private Google Drive documents without permission

Google's Gemini AI has come under fire for scanning private PDF documents in Google Drive without user consent....

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways