Apple launches iOS/iPadOS version 16.7.1 to fix CVE-2023-42824 zero-day flaw

While the official release of iOS 17 has been unveiled, a significant number of users remain tethered to iOS 16, primarily due to their devices’ inability to support the upgrade to iOS 17.

Last week, Apple introduced iOS 17.0.3, addressing numerous high-risk security vulnerabilities. These patches have now been extended to iOS/iPadOS 16, with the latest iteration being iOS/iPadOS 16.7.1 (20H30). This update does not introduce new features but focuses primarily on rectifying these vulnerabilities.

Apple’s update notes underscore the critical nature of these security enhancements, urging all users to adopt them promptly.

Among the resolved vulnerabilities is CVE-2023-42824, an already-exploited flaw that could allow attackers to escalate their privileges. Another is CVE-2023-5217, found within the libvpx open-source library, which is instrumental in decoding VP8 videos. This particular vulnerability has also been a target for cyberattacks.

“A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6,” the company wrote.

While this version likely encompasses other vulnerability fixes, Apple has yet to release an official security bulletin, leaving the details of these potential flaws shrouded in mystery. It’s strongly advised for users still operating on iOS 16.x to transition to this newer version.