Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Zero-Day Vulnerability in Apple Products
Alerts

Active Exploitation of Zero-Day Vulnerability in Apple Products

5 October 2023

Apple has released security updates to address a zero-day high-severity vulnerability (CVE-2023-5217) in their products. The vulnerability is reportedly being actively exploited.

Successful exploitation of the heap buffer overflow vulnerability in the VP8 encoding of the open-source libvpx video codec library could allow an attacker to perform arbitrary code execution.

The vulnerability affects the following products:

  • iPhone XS and later

  • iPad Pro 12.9-inch 2nd generation and later

  • iPad Pro 10.5-inch

  • iPad Pro 11-inch 1st generation and later

  • iPad Air 3rd generation and later

  • iPad 6th generation and later

  • iPad mini 5th generation and later

Users of the affected products are advised to update to the latest versions immediately.

Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.

More information is available here:

https://support.apple.com/en-us/HT213961

https://nvd.nist.gov/vuln/detail/CVE-2023-5217

https://www.bleepingcomputer.com/news/apple/apple-emergency-update-fixes-new-zero-day-used-to-hack-iphones/

https://securityonline.info/cve-2023-42824-cve-2023-5217-two-zero-day-vulnerabilities-in-apple-ecosystem/?expand_article=1

Back to top