September 22, 2023

iOS 16.6.1 and iOS 17.0


Lookout Coverage and Recommendation for Admins

Lookout provides multilayered protection for devices that are exploitable through multiple vectors and could be compromised. To ensure your devices aren’t exposed through the vulnerabilities in iOS 16.6.1 and earlier, Lookout admins should set the default OS Out of Date policy to a minimum iOS version of 17.0.1 for applicable models. They can then choose whether to alert the user that the device is out of compliance or block access to enterprise resources until iOS is updated.

In addition to requiring a minimum OS, admins should enable Lookout Phishing & Content Protection (PCP) to protect mobile users from malicious phishing campaigns that are built to exploit these vulnerabilities in order to phish credentials or deliver malicious apps to the device. Finally, Lookout will detect whether an attacker has successfully compromised the device at the OS level.

Overview

Apple recently released two software updates for iOS and iPadOS: 16.7 and 17.0.1. These versions contain important security patches for vulnerabilities for which Apple has reports of exploitation in the wild. The three vulnerabilities form an exploit chain and are also known to be used to install Cytrox’s Predator spyware.

  1. CVE-2023-41992: a kernel vulnerability which could result in privilege escalation for a local attacker
  2. CVE-2023-41991: a security vulnerability where a malicious app can bypass signature validation
  3. CVE-2023-41993: a WebKit vulnerability allowing execution of arbitrary code while processing web content

The latest version of iOS is 16.7 for iPhone 8 and later, whereas version 17.0.1 is for iPhone XS and later.
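The minimum-version policy recommended above can be expressed as a small inventory check. This is an added example, not Lookout's code or API: the `supports_ios17` and `os_version` fields and the device records are hypothetical and constructed for illustration, and only the version floors come from this advisory.

```python
# Added example: floors come from this advisory; field names are hypothetical.
FLOOR_IOS17_CAPABLE = (17, 0, 1)   # iPhone XS and later
FLOOR_LEGACY = (16, 7, 0)          # iPhone 8 and later that cannot run iOS 17

def parse_version(text):
    """Turn '16.6.1' into (16, 6, 1), padding to three components."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable iOS version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def check_device(device, on_violation="alert"):
    """Return 'compliant', or the configured action ('alert' or 'block')."""
    if on_violation not in ("alert", "block"):
        raise ValueError("on_violation must be 'alert' or 'block'")
    floor = FLOOR_IOS17_CAPABLE if device["supports_ios17"] else FLOOR_LEGACY
    try:
        version = parse_version(device["os_version"])
    except ValueError:
        return on_violation  # an unreadable version is treated as out of date
    # Tuples compare numerically, so 16.10 > 16.7 and 17.0 < 17.0.1;
    # comparing the raw strings would get the first of those wrong.
    return "compliant" if version >= floor else on_violation

# Constructed inventory for illustration only.
INVENTORY = [
    {"id": "dev-01", "supports_ios17": True,  "os_version": "17.0.1"},
    {"id": "dev-02", "supports_ios17": True,  "os_version": "17.0"},
    {"id": "dev-03", "supports_ios17": True,  "os_version": "16.7"},
    {"id": "dev-04", "supports_ios17": False, "os_version": "16.7"},
    {"id": "dev-05", "supports_ios17": False, "os_version": "16.6.1"},
    {"id": "dev-06", "supports_ios17": False, "os_version": "16.10"},
    {"id": "dev-07", "supports_ios17": True,  "os_version": "unknown"},
]

def evaluate(inventory, on_violation="alert"):
    """Map each device id to 'compliant' or the chosen policy action."""
    return {d["id"]: check_device(d, on_violation) for d in inventory}

if __name__ == "__main__":
    for dev_id, result in evaluate(INVENTORY, on_violation="block").items():
        print(dev_id, result)
```

Under the 17.0.1 floor for applicable models, an iOS 17-capable device that is still on 16.7 (dev-03) is flagged even though 16.7 carries the fixes.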

Lookout Analysis

The two notable aspects of these releases are that the vulnerabilities listed are known to be actively exploited and that the fixes are released for all models of iPhone currently supported by Apple (iPhone 8 and later).

Active exploitation, privilege escalation and remote code execution make it very important for users to update their OS versions, regardless of the models they are using. We strongly recommend that iPhone and iPad users keep their devices on auto update for OS versions so that security fixes can be applied as soon as they are released. Apple has mentioned that these releases contain patches for additional vulnerabilities and that they will update the details of those in the coming days.

It is likely that the WebKit vulnerability can be triggered by processing maliciously crafted web pages, which then provide the attacker with higher privileges. To help protect against this threat and others like it, Lookout takes a multifaceted approach to protect mobile users from malicious phishing campaigns and mobile applications that are built to exploit these vulnerabilities. Lookout has coverage in place for the Predator spyware mentioned above. It will also detect whether an attacker has successfully compromised the device at the OS level.

Since the original release of this article, CISA guidelines have been updated to mandate that all government agencies update to the latest OS version by October 19th, 2023.

Authors

Lookout

Cloud & Endpoint Security

Lookout, Inc. is the data-centric cloud security company that uses a defense-in-depth strategy to address the different stages of a modern cybersecurity attack. Data is at the core of every organization, and our approach to cybersecurity is designed to protect that data within today’s evolving threat landscape no matter where or how it moves.

Platform(s) Affected: iOS
Threat Type: Vulnerability
Entry Type: Threat Guidances