The operating system of the iPhone and iPad has been updated again by Apple. In addition to fixing the iPhone 15 overheating issue, iOS 17.0.3 and iPadOS 17.0.3 close two security holes, one of which was actively exploited by hackers.
No, you weren’t dreaming. For the third time since its release, iOS 17 and iPadOS 17 have been updated again. But don’t look for new features. The iOS 17.0.3 update just released by Apple actually fixes teething problems with the iPhone and iPad operating systems. In addition to solving the overheating problem that mainly affects the iPhone 15, this new version includes two security fixes.
Two zero-day vulnerabilities fixed, one actively exploited
The first bug fixed by iOS 17.0.3 and iPadOS 17.0.3, identified under the reference CVE-2023-42824, concerns a vulnerability at the heart of the operating system kernel. Specifically, this flaw, which hackers could have actively exploited in versions prior to iOS 16.6, could allow them to elevate their privileges to execute arbitrary code, provided they have direct access to the affected device.
The second zero-day bug fixed by this update is not unknown. This is the CVE-2023-5217 vulnerability discovered by Clément Lecigne, a security engineer at Google’s Threat Analysis Group, which the Mountain View company also fixed in Chrome last week.
As a reminder, this CVE-2023-5217 bug affected the open source codec library libvpx, where a heap overflow allowed potential hackers to execute arbitrary code.
Update your iPhone and iPad as soon as possible
Since the beginning of the year, Apple has fixed fewer than 17 zero-day vulnerabilities across all of its operating systems. These two vulnerabilities affect many devices. On the support page for this security update, Apple states that iPhone Air 3rd generation and newer, iPad 6th generation and newer, and iPad Mini 5th generation and newer models are affected.
If you have one of these devices, don’t wait to download and install the update. To do this, open the Settingsthen in Generallygo to the menu Software update. iOS 17 or iPadOS 17 will then check for the latest available update and then offer you to download and apply it to your iPhone or iPad.
Three days after the official launch of iOS 17, Apple had to release an initial security update to close actively exploited vulnerabilities. The Cupertino company then had to do it again with a second update aimed primarily at the iPhone 15, which suffered from a nasty bug that caused it to crash when transferring data from another iPhone.
Source: Bleeping Computer