Multiple Vulnerabilities in Apple Products

Risk Level: High

Components Affected

  • Versions prior to iOS 16.7.6 and iPadOS 16.7.6
  • Versions prior to iOS 17.4 and iPadOS 17.4

Overview

Apple released security updates to fix two iOS zero-day vulnerabilities. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.

Description

Apple has released security updates to address two zero-day vulnerabilities, tracked as CVE-2024-23225 and CVE-2024-23296, in its products. The vulnerabilities are reportedly being actively exploited.

The vulnerabilities are:

  • CVE-2024-23225: A memory corruption vulnerability in the iOS kernel that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
  • CVE-2024-23296: A memory corruption vulnerability in RTKit that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

Impact

  • Information Disclosure
  • Security Restriction Bypass
  • Data Manipulation

Solution/Workarounds

Before installing the software, please visit the software vendor's website for more details.

Apply fixes issued by the vendor:

  • iOS 16.7.6 and iPadOS 16.7.6
  • iOS 17.4 and iPadOS 17.4
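
One way to check a device inventory against the fixed releases listed above, as an added example that is not part of the original advisory. The CSV column names and device names are hypothetical, and the handling of branches outside 16.x and 17.x is an assumption noted in the code.

```python
import csv
import io

# Fixed releases listed in the advisory, keyed by major version.
FIXED = {16: (16, 7, 6), 17: (17, 4, 0)}

def parse_version(text):
    """Turn '17.3.1' into (17, 3, 1); pad to three parts so 17.4 == 17.4.0."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def needs_update(os_version):
    """True if the version is prior to the fixed release for its branch."""
    version = parse_version(os_version)
    major = version[0]
    if major in FIXED:
        # Tuple comparison is numeric, so 16.7.10 correctly sorts after 16.7.6.
        return version < FIXED[major]
    # Assumption: "versions prior to 16.7.6" is read literally, so older
    # majors are flagged; majors newer than 17 are treated as already fixed.
    return major < min(FIXED)

def audit(inventory_csv):
    """Return (device, os_version) rows that still need the vendor fix."""
    flagged = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            if needs_update(row["os_version"]):
                flagged.append((row["device"], row["os_version"]))
        except ValueError:
            # Unparseable versions are flagged for manual review, not skipped.
            flagged.append((row["device"], row["os_version"]))
    return flagged

# Constructed sample inventory; device names and columns are hypothetical.
SAMPLE = """device,os_version
ipad-lab-01,16.7.5
iphone-ops-02,16.7.10
iphone-ops-03,17.3.1
iphone-exec-04,17.4
ipad-kiosk-05,15.8.1
iphone-test-06,unknown
"""

if __name__ == "__main__":
    for device, version in audit(SAMPLE):
        print(f"{device}: {version} -> update required")
```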

Disclaimer

The information provided herein is on an “as is” basis, without warranty of any kind.