High Threat Security Alert (A23-09-17): Multiple Vulnerabilities in Apple iOS and iPadOS

Description:

Apple has released iOS 16.7, iOS 17.0.1, iPadOS 16.7 and iPadOS 17.0.1 to fix the vulnerabilities in various Apple devices. The list of vulnerability information can be found at:
https://support.apple.com/en-us/HT213926
https://support.apple.com/en-us/HT213927

Reports indicate that multiple vulnerabilities (CVE-2023-41991, CVE-2023-41992 and CVE-2023-41993) are being actively exploited. Users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

The vulnerabilities (CVE-2023-41991, CVE-2023-41992 and CVE-2023-41993) also affected Apple devices running iOS 17 prior to version 17.0.1 and iPadOS 17 prior to version 17.0.1. Users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• iPhone 8 and later
• iPad 5th generation and later, Air 3rd generation and later, mini 5th generation and later, Pro (all models)

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation could lead to arbitrary code execution, privilege escalation or security restriction bypass on an affected device.

Recommendation:

Apple has released iOS 16.7, iOS 17.0.1, iPadOS 16.7 and iPadOS 17.0.1 to address the issue.

The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

• https://support.apple.com/en-us/HT213926
• https://support.apple.com/en-us/HT213927
• https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities_20230922
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41991 (to CVE-2023-41993)