Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw


Apple on Wednesday rolled out security patches to address a new zero-day flaw in iOS and iPadOS that it said has come under active exploitation in the wild.

Tracked as CVE-2023-42824, the kernel vulnerability could be abused by a local attacker to elevate their privileges. The iPhone maker said it addressed the problem with improved checks.

“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6,” the company noted in a terse advisory.

While additional details about the nature of the attacks and the identity of the threat actors perpetrating them are currently unknown, successful exploitation likely hinges on an attacker already obtaining an initial foothold by some other means.

Read more…