Apple has patched three zero-day vulnerabilities with the release of iOS 17.0.1 and iPadOS 17.0.1. All three were actively exploited in earlier versions of iOS.
The first vulnerability, CVE-2023-41992, is a kernel flaw that could allow an attacker to elevate privileges. The second, CVE-2023-41991, enables a malicious app to bypass signature validation. The third, CVE-2023-41993, is a WebKit bug through which processing web content can lead to arbitrary code execution.
Apple has identified the devices that are vulnerable to these zero-day vulnerabilities. The list includes iPhone XS and later models, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, and iPad 6th generation and later models.
Two researchers, Bill Marczak of Citizen Lab at the University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group, were credited with discovering these vulnerabilities. Citizen Lab has been actively involved in uncovering various zero-day vulnerabilities, including those related to Apple products.
Citizen Lab recently reported the discovery of CVE-2023-41064, a zero-click, zero-day vulnerability that was exploited by the NSO Group to deliver its Pegasus spyware. In their report, Citizen Lab researchers explained that CVE-2023-41064 was used in a new NSO exploit chain named “Blastpass.” Apple subsequently patched another zero-day vulnerability, CVE-2023-41061, which was also part of the Blastpass exploit.
Apple sued the NSO Group in 2021 over its cyber attacks on Apple users. However, when asked whether the three newly disclosed flaws might have been exploited by spyware vendors such as the NSO Group, Apple declined to comment.
In an update to the story, Citizen Lab published new research attributing the exploitation of the three Apple zero-day flaws to Cytrox’s Predator spyware. According to Citizen Lab, Ahmed Eltantawy, a former member of the Egyptian Parliament, was targeted by Predator spyware between May and September 2023. The report highlighted that the targeting occurred after Eltantawy publicly announced his plans to run for President in the 2024 Egyptian elections.
The investigation conducted by Citizen Lab revealed that the Predator spyware was injected into Eltantawy’s phone via a Sandvine PacketLogic device located in Egypt. Based on these findings, Citizen Lab confidently attributed the attack to the Egyptian government.
TechTarget Editorial has reached out to Citizen Lab for further details on their research.
In conclusion, Apple has patched three zero-day vulnerabilities in its latest iOS and iPadOS updates. These vulnerabilities were actively exploited in previous versions and may have allowed threat actors to execute arbitrary code and bypass security measures. Researchers from Citizen Lab and Google’s Threat Analysis Group were credited with the discoveries that let Apple address them. However, commercial spyware vendors such as the NSO Group and Cytrox, whose tools have been linked to the exploitation of Apple zero-days, continue to pose significant threats to user privacy and security.

