Apple Releases Security Updates to Address Actively Exploited iOS Zero-Day Flaw


On Wednesday, Apple released security updates to fix a fresh zero-day vulnerability in iOS and iPadOS that the company claimed was already being actively exploited in the wild.

The kernel vulnerability, tracked as CVE-2023-42824, could be exploited by a local attacker to gain elevated privileges. The iPhone maker said it addressed the issue with improved checks.

In a brief advisory, Apple stated, "Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6."


While details about the nature of the attacks and the threat actors behind them remain unclear, successful exploitation almost certainly requires the attacker to have already gained a foothold on the device through some other means.

Apple's most recent patch also fixes CVE-2023-5217, a vulnerability in the WebRTC component that Google last week described as a heap-based buffer overflow in the VP8 encoding of libvpx.

The updates, iOS 17.0.3 and iPadOS 17.0.3, are available for the following devices:

- iPhone XS and later
- iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later
- iPad Air 3rd generation and later
- iPad 6th generation and later
- iPad mini 5th generation and later

Since the beginning of the year, Apple has fixed a total of 17 actively exploited zero-days in its software.

It also arrives two weeks after Cupertino released patches to address three issues (CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993), all of which are alleged to have been used by an Israeli spyware company named Cytrox to infect an iPhone belonging to a former Egyptian lawmaker named Ahmed Eltantawy with the Predator malware earlier this year.

It is worth noting that CVE-2023-41992 is also a kernel flaw that allows a local attacker to escalate privileges. It is unclear whether the two issues are related, or whether CVE-2023-42824 is a patch bypass for CVE-2023-41992.

In a recent investigation, Sekoia said it found infrastructure overlaps between customers of Cytrox (aka Lycantrox) and another commercial spyware vendor, Candiru (aka Karkadann), in December 2021, most likely because the same customers used both spyware products.

"The infrastructure used by Lycantrox consists of VPS hosted in several autonomous systems," the French cybersecurity firm explained, adding that each customer appears to run their own instances of VPS and administer their own domain names associated with it.

Tip: Users who are at risk of being targeted should enable Lockdown Mode to reduce their exposure to mercenary spyware attacks.

The Blackcat Gang has managed to pull off one of the largest medical data breaches in history, stealing information from 2.5 million patients of McLaren Health Care.

McLaren Health Care is a non-profit healthcare organization based in Michigan, in the United States. Through its network of hospitals, clinics, and healthcare facilities, it is one of the state's largest integrated health systems and provides care to a sizeable section of the population.

McLaren Health Care was added to the list of victims on the ALPHV/BlackCat ransomware gang's Tor leak site. According to the group, data belonging to 2.5 million McLaren Health Care patients was allegedly stolen.

The ransomware gang alleges that the company tried to conceal the security breach. The group also stated that it still has access to the company's network.

"It would have been more fascinating if a McLaren official had discussed in an interview how they skillfully tried to hide the fact that their network had been hacked and asked not to disclose the stolen data. McLaren was planning a way out, but instead, they compromised the private information of 2.5 million of their patients. It is merely lip service to say that you would protect your consumers' interests and privacy.

McLaren, we've shown you that you have the lowest level of security ever. You choose to play with us, our backdoor is still active on your network, and we know how to have fun. We also have a fantastic sense of humor. I'll see you later," reads the message that the ALPHV group posted on its leak site.

Clarion, a global provider of audio and video equipment for cars and other vehicles, and the hotel brand Motel One were among the recent targets of the ALPHV ransomware group, which has been highly active during this period.

According to cyber security researcher Dominic Alvieri, ALPHV/BlackCat ransomware has reportedly compromised 15 additional US hospitals and 2 HMOs.
