October 11, 2023

iOS 16.7 & 17.0.2


Lookout Coverage and Recommendation for Admins

Lookout provides multilayered protection for devices that are exploitable through multiple vectors and could be compromised. To ensure your devices aren’t exposed through these vulnerabilities, Lookout admins should set the default OS Out of Date policy to have a minimum iOS version of 17.0.3 for applicable models. Admins can then choose whether to alert the user that the device is out of compliance or block access to enterprise resources until iOS is updated.

In addition to requiring a minimum OS, admins should enable Lookout Phishing & Content Protection (PCP) to protect mobile users from malicious phishing campaigns that are built to exploit these vulnerabilities in order to phish credentials or deliver malicious apps to the device. Finally, Lookout will detect if an attacker is successfully able to compromise the device at the OS level. 

Overview 

Apple released two emergency software updates for iOS and iPadOS last week to patch vulnerabilities that were reportedly being exploited in the wild. The patched OS versions, 16.7.1 (for iPhone 8 and later) and 17.0.3 (for iPhone XS and later), contain important security patches for the two following CVEs:

  1. CVE-2023-42824 - a kernel vulnerability which could result in privilege escalation for a local attacker
  2. CVE-2023-5217 - a buffer overflow may result in arbitrary code execution

Out of these two vulnerabilities, Apple has reports of CVE-2023-42824 being actively exploited. This vulnerability is also in CISA’s list of actively exploited vulnerabilities, making it mandatory for all government organizations to patch by October 26th, 2023.
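As an added example (not Lookout's code or policy engine), the following Python sketch audits a device inventory against the patched versions named above, handling short version strings such as "16.7" and devices on older release trains. The CSV column names and device names are constructed, and treating 16.7.1 as acceptable on the 16.x train is an assumption; a stricter policy would require 17.0.3 wherever the model supports it.

```python
import csv
import io

# Patched releases named in this advisory, keyed by iOS major version.
PATCHED = {16: (16, 7, 1), 17: (17, 0, 3)}

def parse_version(text):
    """Turn '17.0' or '16.7.1' into a 3-tuple, padding missing parts with 0."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def classify(os_version):
    """Return 'compliant', 'out_of_date' or 'unknown' for one device."""
    try:
        version = parse_version(os_version)
    except ValueError:
        return "unknown"  # unparsable (empty, beta suffix): review manually
    major = version[0]
    if major > max(PATCHED):
        return "compliant"  # assumption: later major releases carry the fixes
    minimum = PATCHED.get(major)
    if minimum is None:
        return "out_of_date"  # older train: no patched release listed here
    return "compliant" if version >= minimum else "out_of_date"

def audit(inventory_csv):
    """Map device name -> status for a CSV with 'device' and 'os_version' columns."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["device"]: classify(row["os_version"]) for row in reader}

# Constructed sample inventory (hypothetical device names and column layout).
SAMPLE = """device,os_version
sales-iphone-01,17.0.2
sales-iphone-02,17.0.3
field-ipad-07,16.7
field-ipad-08,16.7.1
legacy-iphone-03,15.8
exec-iphone-11,17.1
kiosk-ipad-02,
"""

if __name__ == "__main__":
    for device, status in audit(SAMPLE).items():
        print(f"{device:18} {status}")
```
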

Lookout Analysis

The active exploitation, privilege escalation and remote code execution via CVE-2023-42824 make it very important for users to update their OS versions, regardless of the models they are using. We strongly recommend that iPhone and iPad users keep their devices on auto-update for OS versions so that security fixes can be applied as soon as they are released.

Our analysis also shows it’s likely that the WebRTC vulnerability (CVE-2023-5217) can be executed when the target device processes maliciously crafted web pages, and if successfully executed could grant the attacker higher privileges on the device. To help protect against this threat and others like it, Lookout takes a multifaceted approach to protect mobile users from modern attack chains that leverage malicious phishing campaigns as the first step of exploiting a known vulnerability, and from mobile malware built to exploit these vulnerabilities.

Authors

Lookout

Cloud & Endpoint Security

Lookout is a cybersecurity company that makes it possible for tens of millions of individuals, enterprises and government agencies to be both mobile and secure. Powered by a dataset of virtually all the mobile code in the world -- 40 million apps and counting -- the Lookout Security Cloud can identify connections that would otherwise go unseen and predict and stop mobile attacks before they do harm. The world’s leading mobile network operators, including AT&T, Deutsche Telekom, EE, KDDI, Orange, Sprint, T-Mobile and Telstra, have selected Lookout as their preferred mobile security solution. Lookout is also partnered with such enterprise leaders as AirWatch, Ingram Micro, Microsoft, and MobileIron. Headquartered in San Francisco, Lookout has offices in Amsterdam, Boston, London, Sydney, Tokyo, Toronto and Washington, D.C.

Threat Type: Vulnerability
Platform(s) Affected: iOS
Entry Type: Threat Guidances