High Threat Security Alert (A23-11-22): Multiple Vulnerabilities in Apple iOS and iPadOS

Description:

Apple has released iOS 17.1.2 and iPadOS 17.1.2 to fix the vulnerabilities in various Apple devices. The list of vulnerability information can be found at:
https://support.apple.com/en-us/HT214031

Reports indicate that multiple vulnerabilities (CVE-2023-42916 and CVE-2023-42917) are being actively exploited. Users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• iPhone XS and later
• iPad 6th generation and later, Air 3rd generation and later, mini 5th generation and later, Pro 10.5-inch, Pro 11-inch 1st generation and later, Pro 12.9-inch 2nd generation and later

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation could lead to arbitrary code execution or information disclosure on an affected device.

Recommendation:

Apple has released new version of iOS and iPadOS to address the issue.

The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

• https://support.apple.com/en-us/HT214031
• https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities_20231201
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42916 (to CVE-2023-42917)