Local Privilege Escalation Vulnerability in Apple iOS and iPadOS
CVE-2023-42824

7.8HIGH

Key Information:

Vendor
Apple
Status
iOS And iPad OS
Vendor
CVE Published:
4 October 2023

Badges

👾 Exploit Exists🦅 CISA Reported📰 News Worthy

Summary

A local privilege escalation vulnerability has been identified in Apple’s iOS and iPadOS, which could allow an attacker to gain elevated privileges on an affected device. The issue was addressed in the updates iOS 16.7.1 and iPadOS 16.7.1. Apple has confirmed that there are reports of this vulnerability being actively exploited in versions prior to iOS 16.6. Users are encouraged to update their devices to the latest versions to ensure their security.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

iOS and iPadOS < 16.7

News Articles

favicon imageThe Hacker News

Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw

Attention iPhone and iPad users! Apple rushes in with iOS 17.0.3 and iPadOS 17.0.3 updates to patch an actively exploited kernel vulnerability.

References

https://support.apple.com/en-us/HT213972

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📰

    First article discovered by The Hacker News

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

.