Lookout Coverage and Recommendation for Admins
Lookout provides multilayered protection for devices that are exploitable through multiple vectors and could be compromised. To ensure your devices aren’t exposed through these vulnerabilities, Lookout admins should set the default OS Out of Date policy to have a minimum iOS version of 17.0.3 for applicable models. Admins can then choose whether to alert the user that the device is out of compliance or block access to enterprise resources until iOS is updated.
In addition to requiring a minimum OS, admins should enable Lookout Phishing & Content Protection (PCP) to protect mobile users from malicious phishing campaigns that are built to exploit these vulnerabilities in order to phish credentials or deliver malicious apps to the device. Finally, Lookout will detect if an attacker is successfully able to compromise the device at the OS level.
Apple released two emergency software updates for iOS and iPadOS last week to patch vulnerabilities that were reportedly being exploited in the wild. The patched OS versions, 16.7.1 (for iPhone 8 and later) and 17.0.3 (for iPhone XS and later), contain important security patches for the two following CVEs:
- CVE-2023-42824 - a kernel vulnerability which could result in privilege escalation for a local attacker
- CVE-2023-5217 - a buffer overflow may result in arbitrary code execution
Out of these two vulnerabilities, Apple has reports of CVE-2023-42824 being actively exploited. This vulnerability is also in CISA’s list of actively exploited vulnerabilities, making it mandatory for all government organizations to patch by October 26th, 2023.
The active exploitation, privilege escalation and remote code execution via CVE-2023-42824 makes it very important for users to update their OS versions, regardless of the models they are using. We strongly recommend that the iPhone and iPad users keep their devices on auto update for OS versions so that the security fixes can be applied as soon as they are released.
Our analysis also shows it’s likely that the WebRTC vulnerability (CVE-2023-5217) can be executed when the target device processes malcrafted web pages, and if successfully executed could grant the attacker higher privileges on the device. To help protect against this threat and others like it, Lookout takes a multifaceted approach to protect mobile users from modern attack chains that leverage malicious phishing campaigns as the first step of exploiting a known vulnerability malicious phishing campaigns and mobile malware that are built to exploit these vulnerabilities.
Related Threat Discoveries
CVE-2023-5217 is a vulnerability disclosed in libvpx that affects multiple browsers that use libvpx including Chrome, Firefox, and Firefox Focus for Android