• Home
  • |
  • Blog
  • |
  • How to Protect Your Apple Devices From CVE-2023-42824 and CVE-2023-5217?
How to Protect Your Apple Devices From CVE-2023-42824 and CVE-2023-5217

Apple recently released iOS 17.0.3 and iPadOS 17.0.3 to address two critical vulnerabilities, CVE-2023-42824 and CVE-2023-5217, that could allow malicious actors to execute arbitrary code on affected devices. These flaws affect various iPhone and iPad models and could be exploited if a user visits a malicious website or is targeted by specially crafted web content.

To protect your Apple devices, it is essential to apply the latest updates as soon as possible to ensure your devices are protected against potential attacks leveraging these vulnerabilities. We published this blog post to provide an overview of the vulnerabilities Apple devices impacted, and educate thesecmaster.com users on keeping your devices secure. before we jump into the topic of discussion, let us see a short introduction about WebRTC since these flaws stemmed from the Kernel and the WebRTC of the Apple products.

A Short Introduction About WebRTC

WebRTC (Web Real-Time Communications) is an open-source project that enables real-time video, voice, and data-sharing capabilities in web and mobile applications. It allows direct peer-to-peer communication between browsers and mobile platforms without requiring an intermediary server.

WebRTC provides JavaScript APIs that web developers can use to build powerful communication solutions like video conferencing, file sharing, messaging apps, etc. right into the browser. Major companies like Google, Apple, Microsoft, and Mozilla are involved in developing this technology and support WebRTC in their web browsers.

On mobile platforms like iOS and Android, WebRTC is implemented as a library that gives native apps the same real-time communication capacities. Overall, WebRTC makes it easy to add interactive media streaming to apps and sites across all major platforms.

The Summary of CVE-2023-42824 and CVE-2023-5217

CVE-2023-42824 is a vulnerability in the kernel component of iOS and iPadOS that could allow a local attacker to elevate privileges. Apple said that it addressed this issue with improved input validation checks. Apple also wrote that it is aware of a report that this issue could have been actively exploited against versions of iOS released older than iOS 16.6..

CVE-2023-5217 is a buffer overflow vulnerability in WebRTC, the web real-time communication component integrated into Safari and other browsers. This issue could enable attackers to execute arbitrary code through manipulations of the memory buffer. It was mitigated by Apple updating the WebRTC library to version libvpx 1.13.1.

Both flaws enable arbitrary remote code execution and represent high-severity risks, especially for older iOS versions that lack security patches. The vulnerabilities can be triggered by simply visiting a compromised website or interacting with maliciously crafted web content.

Apple Products Vulnerable to CVE-2023-42824 and CVE-2023-5217

These flaws affect all iOS and iPadOS devices older than 17.0.3.

How to Protect Your Apple Devices From CVE-2023-42824 and CVE-2023-5217?

Apple rolled out patches for the following devices and urged users to update their devices to version iOS 17.0.3 and iPadOS 17.0.3.

  • iPhone XS and later
  • iPad Pro 12.9-inch 2nd generation and later
  • iPad Pro 10.5-inch
  • iPad Pro 11-inch 1st generation and later
  • iPad Air 3rd generation and later
  • iPad 6th generation and later
  • iPad mini 5th generation and later
See Also  Step-by-Step Guide to Install Raspberry Pi OS on a Raspberry Pi Single Board Computer!

Navigate this path to check for updates on your devices: Go to Settings > General > Software Update.

It is good to adhere to these general guidelines to be protected from security issues.

  1. Stay Informed: Keep yourself updated on the latest security threats and vulnerabilities affecting Apple devices. Follow reliable sources, such as Apple’s security advisories, to stay informed about potential risks and the necessary steps to address them.
  2. Update Your Software: Apple frequently releases security updates for its operating systems and applications, including iOS, iPadOS, macOS, and Safari web browsers. Always update your devices to the latest software versions to ensure you have the most recent security patches:
  3. Be Cautious of Suspicious Links and Websites: Avoid clicking on suspicious links or visiting untrusted websites, as they may contain malicious web content designed to exploit vulnerabilities in WebKit. Always ensure the websites you visit are secure and verified.
  4. Use Security Software: Install reputable security software, such as antivirus and anti-malware applications, to protect your devices from potential threats. Regularly update your security software and run scans to detect and remove any malicious elements.
  5. Enable Automatic Updates: To avoid missing critical updates, enable automatic updates on your Apple devices. This way, your devices will automatically install the latest security patches and software updates without any manual intervention.

We hope this post helps you know how to protect your Apple devices from CVE-2023-42824 and CVE-2023-5217. Thanks for reading this post. Please share this post and help secure the digital world. Visit our website thesecmaster.com, and our social media page on FacebookLinkedInTwitterTelegramTumblrMedium, and Instagram and subscribe to receive updates like this.

Recommend Products for You

We have some MacBook accessory recommendations that we think you’ll find useful. These are products we’ve personally selected that we believe are must-haves for any MacBook computer. Take a moment to review the list – you can click on any item to view more details or purchase it directly from Amazon. Whether you’re just starting with your MacBook or looking to expand its capabilities, we’re confident you’ll find something helpful among our top picks. Let us know if you have any other questions!

Declaimer: The below products contain affiliate links. We may receive a small commission if you purchase through these links at no additional cost to you. You can read our full affiliate disclosure here.

Read More:

About the author

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience spanning IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

To know more about him, you can visit his profile on LinkedIn.

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.