2 min Security

Apple fixes overheating issues for iPhone 15 and zero-day exploits

Apple fixes overheating issues for iPhone 15 and zero-day exploits

Apple recently released a number of updates to iOS 17 and iPadOS 17. Among them, the iPhone 15’s overheating problem has been addressed and acute zero-day exploits have been fixed.

With a recent update to iOS 17.0.3, Apple addressed the iPhone 15’s well-known overheating problem. Some other bugs and security issues that have been found, have also been fixed with the update.

Recently, many iPhone 15 users complained that their device was overheating. Apple attributes this to a problem with several third-party apps that caused the system to overwork. The tech giant worked with these providers, such as Uber, Instagram and Asphalt 9, to fix these problems. This eventually resulted in the current iOS update.

The update to iOS 17.0.3 has a size of 423.2MB and is being rolled out gradually. An update for iPadOS 17 is also available.

Fixes for new zerodays

In addition to addressing the overheating problem, Apple also took care of two zero-day exploits in iOS 17.0.3. The first zeroday, CVE-2023-42824, is a vulnerability in the XNU kernel. It allows local hackers to escalate privileges on unpaired iPhones and iPads. This vulnerability may have already been exploited on iOS versions before iOS 16.6, the tech giant indicates.

Affected devices include the iPhone XS and later, and several generations and versions of the iPad Pro, the iPad Mini, the iPad Air and the standard iPad.

VP8 encoding vulnerability also fixed

The second acute zero-day vulnerability addressed in the latest versions of iOS 17 and iPadOS 16 is CVE-2023-5217. This is a heap buffer overflow vulnerability in the VP8 encoding of the open source libvpx video codec library. This vulnerability affects the same devices as the first resolved zero-day vulnerability.

This vulnerability had previously been addressed by Google in Chrome and recently by Microsoft in its Edge browser and in its Teams for Desktop and Skype for Desktop applications.

Also read: Microsoft patches zero-day vulnerabilities in Edge, Teams and Skype