Apple re-releases zero-day bug fix for iOS 15 for older iPhones


Apple has released a version of iOS 15 for older iPhones that fixes two vulnerabilities that were being exploited. Details are scarce, but it is the second time in a short period that the company has released such an update. iPadOS has also been patched.

The update in question is iOS and iPadOS 15.7.5. It fixes only two vulnerabilities in the mobile operating systems. Both were abused in practice, Apple writes, but as usual the company does not provide any details. Both bugs were reported by researchers from Google’s Threat Analysis Group and a security researcher from Amnesty International. The latter is especially interesting; it could indicate that malware was distributed against human rights activists, for example, although that is speculation.

The two bugs are CVE-2023-28205 and CVE-2023-28206. The first is a bug in WebKit, Safari’s engine. It made it possible to execute code via a phishing website by abusing a use-after-free memory bug. The second is an out-of-bounds write bug in IOSurfaceAccelerator. It made it possible for an app to execute code at kernel level.

The bugs have been fixed for devices that cannot be updated to the newer iOS 16. For phones, these are the iPhone 6s, the iPhone 7 and the iPhone SE. For tablets, the iPad Air 2 and the iPad mini have been patched, as has the iPod Touch. In addition, the bugs have been fixed in iOS 16.4.1 and in macOS versions Monterey, Big Sur 11.7.6 and Ventura 13.3.1.

It is the second time in a short period that Apple has released such a security update for older models of the iPhone and iPad. At the end of March, iOS and iPadOS 15.7.4 were released, which also fixed several vulnerabilities, including a zero-day.
