Apple Responds to Actively Exploited Zero-Days with Urgent Security Updates
Apple has released critical security updates, addressing two actively exploited vulnerabilities. The identified flaws are as follows:
- CVE-2024-23225: A memory corruption issue in the Kernel that allows an attacker with arbitrary kernel read and write capabilities to bypass kernel memory protections.
- CVE-2024-23296: A memory corruption issue in the RTKit real-time operating system (RTOS) that enables an attacker with arbitrary kernel read and write capabilities to bypass kernel memory protections.
The specific exploitation methods in the wild remain unclear. Apple has remedied both vulnerabilities with enhanced validation in iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6.
The security updates apply to the following devices:
- iOS 16.7.6 and iPadOS 16.7.6: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.
- iOS 17.4 and iPadOS 17.4: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
With these fixes, Apple has addressed a total of three actively exploited zero-days in its software since the beginning of the year. In late January 2024, it patched a WebKit type confusion flaw (CVE-2024-23222) impacting iOS, iPadOS, macOS, tvOS, and Safari.
Separately, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to apply updates by March 26, 2024. The two are an information disclosure flaw affecting Android Pixel devices (CVE-2023-21237) and an operating system command injection flaw in Sunhillo SureLine (CVE-2021-36380) that could lead to code execution with root privileges.