Apple releases an update to fix two vulnerabilities in its older devices

Apple has released security updates for older iPhone and iPad devices to address security vulnerabilities that have been exploited in cyberattacks. The company is aware of a report indicating that this issue has been actively exploited against the previous iOS version before version 16.6.

The first security vulnerability is related to privilege escalation and stems from a weakness in the XNU kernel, allowing attackers to elevate privileges on unprotected iPhone and iPad devices. This issue has been fixed in iOS 16.7.1 and iPad OS 16.7.1. However, the entity that discovered the vulnerability has not been disclosed yet.

The other vulnerability arises from a flaw in exceeding the buffer size of the temporary cache within the VP8 codec system of the open-source libvpx video encoding library. This flaw could potentially allow threat actors to execute arbitrary code successfully when exploiting the vulnerability.

While Apple has not confirmed real-world exploitation cases of these vulnerabilities, Google and Microsoft have both issued patches for these vulnerabilities in their products. It is worth noting that Google and its affiliated threat analysis group analyze and report immediate vulnerabilities that are exploited by state-sponsored threat actors in targeted attacks. The affected devices by these two security vulnerabilities include iPhone 8 and newer devices, all iPad Pro models, the third and newer generations of iPad Air, the fifth and newer generations of iPad, and the fifth and newer generations of iPad Mini.