Apple recently released iOS 17.0.3 and iPadOS 17.0.3 to address two critical vulnerabilities, CVE-2023-42824 and CVE-2023-5217, that could allow malicious actors to execute arbitrary code on affected devices. These flaws affect various iPhone and iPad models and could be exploited if a user visits a malicious website or is targeted by specially crafted web content.
To protect your Apple devices, it is essential to apply the latest updates as soon as possible to ensure your devices are protected against potential attacks leveraging these vulnerabilities. We published this blog post to provide an overview of the vulnerabilities Apple devices impacted, and educate thesecmaster.com users on keeping your devices secure. before we jump into the topic of discussion, let us see a short introduction about WebRTC since these flaws stemmed from the Kernel and the WebRTC of the Apple products.
A Short Introduction About WebRTC
WebRTC (Web Real-Time Communications) is an open-source project that enables real-time video, voice, and data-sharing capabilities in web and mobile applications. It allows direct peer-to-peer communication between browsers and mobile platforms without requiring an intermediary server.
On mobile platforms like iOS and Android, WebRTC is implemented as a library that gives native apps the same real-time communication capacities. Overall, WebRTC makes it easy to add interactive media streaming to apps and sites across all major platforms.
The Summary of CVE-2023-42824 and CVE-2023-5217
CVE-2023-42824 is a vulnerability in the kernel component of iOS and iPadOS that could allow a local attacker to elevate privileges. Apple said that it addressed this issue with improved input validation checks. Apple also wrote that it is aware of a report that this issue could have been actively exploited against versions of iOS released older than iOS 16.6..
CVE-2023-5217 is a buffer overflow vulnerability in WebRTC, the web real-time communication component integrated into Safari and other browsers. This issue could enable attackers to execute arbitrary code through manipulations of the memory buffer. It was mitigated by Apple updating the WebRTC library to version libvpx 1.13.1.
Both flaws enable arbitrary remote code execution and represent high-severity risks, especially for older iOS versions that lack security patches. The vulnerabilities can be triggered by simply visiting a compromised website or interacting with maliciously crafted web content.
Apple Products Vulnerable to CVE-2023-42824 and CVE-2023-5217
These flaws affect all iOS and iPadOS devices older than 17.0.3.
How to Protect Your Apple Devices From CVE-2023-42824 and CVE-2023-5217?
Apple rolled out patches for the following devices and urged users to update their devices to version iOS 17.0.3 and iPadOS 17.0.3.
- iPhone XS and later
- iPad Pro 12.9-inch 2nd generation and later
- iPad Pro 10.5-inch
- iPad Pro 11-inch 1st generation and later
- iPad Air 3rd generation and later
- iPad 6th generation and later
- iPad mini 5th generation and later
Navigate this path to check for updates on your devices: Go to Settings > General > Software Update.
It is good to adhere to these general guidelines to be protected from security issues.
- Stay Informed: Keep yourself updated on the latest security threats and vulnerabilities affecting Apple devices. Follow reliable sources, such as Apple’s security advisories, to stay informed about potential risks and the necessary steps to address them.
- Update Your Software: Apple frequently releases security updates for its operating systems and applications, including iOS, iPadOS, macOS, and Safari web browsers. Always update your devices to the latest software versions to ensure you have the most recent security patches:
- Be Cautious of Suspicious Links and Websites: Avoid clicking on suspicious links or visiting untrusted websites, as they may contain malicious web content designed to exploit vulnerabilities in WebKit. Always ensure the websites you visit are secure and verified.
- Use Security Software: Install reputable security software, such as antivirus and anti-malware applications, to protect your devices from potential threats. Regularly update your security software and run scans to detect and remove any malicious elements.
- Enable Automatic Updates: To avoid missing critical updates, enable automatic updates on your Apple devices. This way, your devices will automatically install the latest security patches and software updates without any manual intervention.