October 4, 2023 Apple today released emergency patches for a wide range of iPhones and iPads.

Users should ensure their devices are running versions 17.0.3 of the operating systems.

The update closes two vulnerabilities:

— CVE-2023-42824, a hole in the kernel that could allow a local attacker to elevate their access privileges. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6,” the CVE notice says; 

— and CVE-2023-5217, a heap buffer overflow in Google Chrome’s libvpx library that could be triggered by a maliciously crafted HTML page.

Affected are

— iPhone XS and later;

— iPad Pro 12.9-inch 2nd generation and later

— iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later;

— iPad Air 3rd generation and later;

— iPad 6th generation and later;

— and iPad mini 5th generation and later.

This latest update follows the release last week of iOS 17.0.2. The previous week, Apple issued iOS/iPadOS 17.0.1 for iPhones and iPads to fix vulnerabilities stemming from the discovery by the University of Toronto’s Citizen Lab and Google of an iPhone zero-day exploit chain used to secretly install Cytox’s Predator spyware.

The post Patch iPhones, iPads, Apple urges first appeared on IT World Canada.