What is CVE-2023-42824?

CVE-2023-42824 is a high-severity vulnerability affecting Apple's iOS and iPadOS software on various devices, including iPhone 8 and later, iPad Pro, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later. This vulnerability allows a local attacker to elevate their privileges, and Apple has reported that it may have been actively exploited in earlier versions of iOS.

Who is impacted by CVE-2023-42824?

The affected versions include Apple iPadOS versions up to 16.7.1 and 17.0 to 17.0.3, as well as Apple iPhone OS versions up to 16.7.1 and 17.0 to 17.0.3.

What should I do if I’m affected?

If you're affected by the CVE-2023-42824 vulnerability, it's crucial to take action to protect your device. Follow these simple steps to mitigate the risk:

1. Update your device to iOS 16.7.1 or iPadOS 16.7.1, which contain the necessary security patches.

2. Regularly check for and install any new updates to ensure you have the latest security improvements.

By keeping your device up-to-date, you can minimize the risk posed by this and other vulnerabilities.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, the CVE-2023-42824 vulnerability is listed in CISA's Known Exploited Vulnerabilities Catalog. It is named "Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability" and was added to the catalog on October 5, 2023.

Weakness Enumeration

The weakness enumeration for this vulnerability is "Insufficient Information," indicating a lack of specific details about the vulnerability and its mitigation.

Learn More

To better understand its impact and mitigation, refer to the NVD page and the sources listed below.

• About the security content of iOS 16.7.1 and iPadOS 16.7.1 - Apple Support

• BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities | CISA

• Known Exploited Vulnerabilities Catalog