Apple released emergency security updates to fix a new zero-day vulnerability in its iOS and iPadOS platforms that has been exploited in the wild.
Tracked as CVE-2023-42824, the kernel vulnerability could allow a local attacker (for example, a malicious app already running on the device) to elevate their privileges. Apple said it addressed the issue with improved checks.
As per usual, the iPhone maker withheld additional details regarding the attacks that have exploited this flaw, only saying that it “is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.”
Besides CVE-2023-42824, Apple’s latest update (iOS 17.0.3 and iPadOS 17.0.3) addresses CVE-2023-5217 (also tracked as CVE-2023-44488), a heap buffer overflow in the VP8 encoder of the libvpx video codec library that Apple ships as part of WebRTC.
Separately, Australian software company Atlassian rolled out security updates to fix an actively exploited zero-day flaw affecting Confluence Data Center and Server instances.
The zero-day vulnerability (CVE-2023-22515) allows an unauthenticated remote attacker to create unauthorized Confluence administrator accounts and use them to access Confluence instances. The issue impacts Confluence Data Center and Server versions 8.0.0 through 8.5.1; Atlassian Cloud sites are not affected.
Users are strongly recommended to apply the patches as soon as possible. If upgrading is not possible immediately, restrict network access to affected instances and block access to the /setup/* endpoints at the network or reverse-proxy layer. Administrators should also review their instances for unexpected administrator accounts and their access logs for requests to /setup/* paths, since patching does not remove accounts an attacker has already created.
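One way to perform the log check suggested above, as an added example that is not part of the original article or of Atlassian's own tooling: the script below parses Tomcat-style combined access log lines (the format Confluence's access logging uses) and flags every request to a /setup/* path, normalizing percent-encoding, repeated slashes and letter case so that trivial evasions are still caught. The log lines are constructed sample data, not real traffic, and the IP addresses are from documentation ranges.

```python
"""Scan Confluence access logs for requests to /setup/* endpoints (CVE-2023-22515 triage)."""
import re
from typing import Dict, List, Optional
from urllib.parse import unquote, urlsplit

# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Oct/2023:10:12:01 +0000] "GET /login.action HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [04/Oct/2023:10:13:44 +0000] "GET /setup/setupadministrator.action HTTP/1.1" 200 3310 "-" "python-requests/2.31.0"
198.51.100.23 - - [04/Oct/2023:10:13:47 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 302 0 "-" "python-requests/2.31.0"
203.0.113.7 - alice [04/Oct/2023:10:14:02 +0000] "GET /pages/viewpage.action?pageId=123 HTTP/1.1" 200 9102 "-" "Mozilla/5.0"
198.51.100.23 - - [04/Oct/2023:10:14:10 +0000] "GET /SETUP/finishsetup.action?x=1 HTTP/1.1" 200 1200 "-" "curl/8.0.1"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one access log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Match on the path only; the query string is irrelevant for the /setup/* check.
    rec["path"] = urlsplit(rec["target"]).path
    return rec


def is_setup_request(path: str) -> bool:
    """True if the request path targets /setup/*, after decoding and normalizing the path.

    Percent-encoding, doubled slashes and mixed case are collapsed so the check errs on the
    side of flagging; a human reviews the hits anyway.
    """
    norm = re.sub(r"/+", "/", unquote(path)).lower()
    return norm.startswith("/setup/")


def find_setup_requests(log_text: str) -> List[Dict[str, str]]:
    """Return the parsed records for every line that requested a /setup/* path."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_setup_request(rec["path"]):
            hits.append(rec)
    return hits


def summarize_by_ip(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Count flagged requests per source IP so the noisiest client stands out."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_setup_requests(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["path"]} -> {h["status"]}')
    print("flagged requests per source:", summarize_by_ip(hits))
```

A hit is only a lead: a legitimate first-time install also touches /setup/*, so correlate the flagged source IPs and timestamps with the creation time of any unexpected administrator accounts before deciding an instance was compromised. Run it against the real log files with `find_setup_requests(open(path).read())`.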
In addition, US networking giant Cisco has issued security updates to fix a Cisco Emergency Responder (CER) flaw (CVE-2023-20101) stemming from hard-coded root account credentials, which lets an unauthenticated remote attacker log into unpatched systems as root and execute arbitrary commands. The bug affects CER Release 12.5(1)SU4, and there are no workarounds other than upgrading to a fixed release.