[CDP-development] TLP:GREEN (Zero-Day Alert Notification) CVE-2023-42824 Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability

CSS Security Operations Services * DAS css-soc-services at das.oregon.gov
Thu Oct 5 11:25:22 PDT 2023


Good morning,

The SOC Services team is reporting on the vulnerability: CVE-2023-42824 Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability. Due to its high visibility and knowledge of the software installed in the state environment, we are providing this in-depth information:

History: On October 4, 2023, Apple released a security advisory related to CVE-2023-42824. On October 5, 2023, CISA added CVE-2023-42824 to the known exploited vulnerabilities catalog.

The following versions of iOS address the vulnerability:

  *   iOS 17.0.3
  *   iPadOS 17.0.3

The patches are available for the following Apple devices:

  *   iPhone XS and later
  *   iPad Pro 12.9-inch 2nd generation and later
  *   iPad Pro 10.5-inch
  *   iPad Pro 11-inch 1st generation and later
  *   iPad Air 3rd generation and later
  *   iPad 6th generation and later
  *   iPad mini 5th generation and later

Apple has released security advisory HT213961 regarding CVE-2023-42824. The security advisory can be found here: https://support.apple.com/en-us/HT213961

Intelligence: As of October 4, 2023, the vulnerability has been confirmed as being exploited in the wild. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6. The issue was addressed with improved checks.

Workarounds: There are no workarounds for this vulnerability.

How it works: Apple rarely releases information about how exploits against its products are executed. Because of this, there is no additional information as to how this exploit works.

Post-Exploit: Upon successful exploitation of the vulnerability, a local attacker may be able to elevate their privileges.

Additional Resources:

The InTune team has provided the attached documents, which can be tailored to your needs. They provide answers to frequently asked questions about iOS updates from the perspective of both technicians and users, as well as the update process.

As of 10/5/2023, Tenable has not released a plugin for this vulnerability and does not have a plugin in the pipeline.

Recommended Actions:


  *   Verify the device is charged to at least 50% and is plugged into a charger before applying patches.
  *   Verify the host has not been compromised before applying patches.
  *   Apply appropriate updates provided by vendor to vulnerable systems immediately after appropriate testing.
  *   Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  *   Apply the Principle of Least Privilege to all systems and services.







-------------- next part --------------
A non-text attachment was scrubbed...
Name: Apple_OS_Updates_Process.pdf
Type: application/pdf
Size: 280576 bytes
Desc: Apple_OS_Updates_Process.pdf
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20231005/ccec4d1b/attachment-0003.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iOS Updates_FAQ_Tech.pdf
Type: application/pdf
Size: 198174 bytes
Desc: iOS Updates_FAQ_Tech.pdf
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20231005/ccec4d1b/attachment-0004.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iOS Updates_FAQ_User.pdf
Type: application/pdf
Size: 189456 bytes
Desc: iOS Updates_FAQ_User.pdf
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20231005/ccec4d1b/attachment-0005.pdf>

