Security News > 2023 > October > Apple patches another iOS zero-day under attack (CVE-2023-42824)
Apple has released a security update for iOS and iPadOS to fix another zero-day vulnerability exploited in the wild.
"Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6," the company stated.
The company addressed the vulnerability by releasing iOS 17.0.3 and iPadOS 17.0.3 updates, which also cover CVE-2023-5217 - a buffer overflow vulnerability in vp8 encoding in the libvpx video codec library that could allow arbitrary code execution.
Both vulnerabilities were reported by Citizen Lab and have been fixed in both the iOS 16 and iOS 15 branches.
In late September, Citizen Lab together with Google TAG reported three more zero-day vulnerabilities affecting iOS devices.
Apple has addressed these issues in iOS 17 and has also made updates to Lockdown Mode, a security feature that offers additional protection to high-risk users.
News URL
https://www.helpnetsecurity.com/2023/10/05/cve-2023-42824/
Related news
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- Apple fixes this year’s first actively exploited zero-day bug (source)
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-28 | CVE-2023-5217 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity webmproject microsoft mozilla fedoraproject debian apple google redhat CWE-787 | 8.8 |