iOS 16.6.1 and iOS 17.0

Lookout Coverage and Recommendation for Admins

Lookout provides multilayered protection for devices that are exploitable through multiple vectors and could be compromised. To ensure your devices aren’t exposed through the vulnerabilities in iOS 16.6.1 and earlier, Lookout admins should set default OS Out of Date policy to have a minimum iOS version of 17.0.1 for applicable models.They can then choose whether to alert the user that the device is out of compliance or block access to enterprise resources until iOS is updated.

In addition to requiring a minimum OS, admins should enable Lookout Phishing & Content Protection (PCP) to protect mobile users from malicious phishing campaigns that are built to exploit these vulnerabilities in order to phish credentials or deliver malicious apps to the device. Finally, Lookout will detect if an attacker is successfully able to compromise the device at the OS level. 

Overview

Apple recently released two software updates for iOS and iPad OS  —  16.7 and 17.0.1. These versions contain important security patches for vulnerabilities for which Apple has reports of exploitation in the wild. These three vulnerabilities form an exploit chain and are also known to install Cytrox’s Predator spyware.

1. CVE-2023-41992: a kernel vulnerability which could result in privilege escalation for a local attacker
2. CVE-2023-41991: a security vulnerability where a malicious app can bypass signature validation
3. CVE-2023-41993: a Webkit vulnerability allowing execution of arbitrary code while processing web content

The latest version of iOS is 16.7 for iPhone 8 and later, whereas the version 17.0.1 is for iPhone XS and later 

‍

Lookout Analysis

The two notable aspects of these releases are that the vulnerabilities listed are known to be actively exploited and the fixes are released for all models of iPhone currently supported by Apple (iPhone 8 and later)

The active exploitation, privilege escalation and remote code execution makes it very important for users to update their OS versions, regardless of the models they are using. We strongly recommend that the iPhone and iPad users keep their devices on auto update for OS versions so that the security fixes can be applied as soon as they are released. Apple has mentioned that these patches contain patches for additional vulnerabilities and that they will update the details of those in coming days.

It is likely that the Webkit vulnerability can be executed by processing malcrafted web pages, which then provide the attacker with  higher privileges. To help protect against this threat and others like it, Lookout takes a multifaceted approach to protect mobile users from malicious phishing campaigns and mobile applications that are built to exploit these vulnerabilities. Lookout has coverage in place for the Predator spyware mentioned above. It will also detect if an attacker is successfully able to compromise the device at the OS level. 

CISA guidelines have been updated since the original release of this article that mandate all government agencies to update to the latest OS version by October 19th, 2023.