Two zero-day vulnerabilities have been uncovered in iOS and iPadOS 17.4 versions, enabling threat actors to circumvent memory protections and execute arbitrary kernel read and write operations on affected devices.
These vulnerabilities have been assigned CVE-2024-23225 and CVE-2024-23296. Fortunately, Apple has promptly addressed them in their latest security advisory, providing patches for resolution.
Additionally, Apple acknowledged reports suggesting that threat actors may have exploited these vulnerabilities in the wild.
iOS 0-day Flaw Patched
CVE-2024-23225: Arbitrary Kernel Read/Write Vulnerability
This vulnerability arises in the iOS kernel due to a memory corruption issue, enabling threat actors to execute arbitrary kernel read and write operations by circumventing kernel protections.
The severity of this vulnerability has yet to be categorized.
Affected products include iPhone XS and later models, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
CVE-2024-23296: Arbitrary Kernel Read/Write Vulnerability
RTKit serves as Apple’s Real-Time Operating System, widely utilized across various devices including iPhone, iPad, and Apple Watch.
This vulnerability mirrors the previously mentioned issue, enabling threat actors to execute arbitrary read/write operations on the kernel, bypassing kernel protections.
Similar to the previous vulnerability, the severity of this issue has yet to be categorized.
Affected products include iPhone XS and later models, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
Apple has addressed these vulnerabilities by enhancing input validation.
Furthermore, Apple has also addressed CVE-2024-23256 and CVE-2024-23243, which were associated with Accessibility and Safe Private Browsing.Apple urges its users to promptly install the latest security patches and updates to mitigate the risk of exploitation by threat actors.
Leave A Comment