Apple Releases Urgent Updates to Address Actively Exploited Zero-Day Vulnerabilities

Apple has swiftly responded to critical security concerns by releasing urgent updates to rectify two actively exploited zero-day vulnerabilities. These vulnerabilities, CVE-2024-23225 and CVE-2024-23296, pose significant risks, allowing attackers with arbitrary kernel read and write capabilities to bypass crucial kernel memory protections. Apple has addressed these issues through enhanced validation mechanisms implemented in iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6.

The updates cover a wide range of Apple devices, including iPhone 8 and later and iPad Pro models from the 2nd generation onwards. This marks the third instance this year in which the company has tackled actively exploited zero-day vulnerabilities. Previously, Apple addressed a type confusion flaw in WebKit, which could lead to arbitrary code execution across various Apple platforms, including iOS, iPadOS, macOS, tvOS, and the Safari web browser.

Affected Systems

-

IoCs

-

Recommended Solution(s)

Apple has released updates for two zero-day vulnerabilities affecting the following products. If your Apple devices are not running iOS 17.4 or iPadOS 17.4, it is recommended that you install the updates as soon as possible on the personal devices listed below.

  • iPhone XS and later,
  • iPad Pro 12.9-inch 2nd generation and later,
  • iPad Pro 10.5-inch,
  • iPad Pro 11-inch 1st generation and later,
  • iPad Air 3rd generation and later,
  • iPad 6th generation and later, and
  • iPad mini 5th generation and later
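
For teams tracking many devices, the check above can be run against an inventory export. The following is an added example, not part of the original advisory or any Apple tooling: it classifies OS versions against the fixed releases named here (iOS/iPadOS 17.4 and 16.7.6). The CSV layout, device names and status labels are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Fixed releases named in this advisory, keyed by major OS version.
FIXED = {16: (16, 7, 6), 17: (17, 4, 0)}

# Constructed sample inventory (hypothetical device names and export format).
SAMPLE_INVENTORY = """device,os_version
ceo-iphone,17.3.1
lab-ipad,17.4
kiosk-ipad,16.7.5
field-iphone,16.7.6
qa-iphone,17.10
old-ipad,15.8.1
unknown-tablet,n/a
"""


def parse_version(text):
    """'17.3.1' -> (17, 3, 1); '17.4' -> (17, 4, 0). Raises ValueError on junk."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 3 or any(p < 0 for p in parts):
        raise ValueError(text)
    return tuple(parts + [0] * (3 - len(parts)))


def assess(os_version):
    """Classify one iOS/iPadOS version string against the fixed releases."""
    try:
        version = parse_version(os_version)
    except ValueError:
        return "unparseable"
    major = version[0]
    if major > max(FIXED):
        return "patched"  # assumption: later major releases carry the fix
    if major not in FIXED:
        return "no-fix-listed"  # the advisory names no fixed build for this branch
    # Tuples compare numerically, so 17.10 correctly sorts after 17.4.
    return "patched" if version >= FIXED[major] else "update-required"


def triage(csv_text):
    """Group device names by status from a 'device,os_version' CSV export."""
    groups = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        groups.setdefault(assess(row["os_version"]), []).append(row["device"])
    return groups


if __name__ == "__main__":
    for status, devices in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(devices)}")
```

Devices reported as "no-fix-listed" or "unparseable" need manual review, since this advisory names no fixed build for them.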

CVE / CWE

CVE-2024-23225 & CVE-2024-23296

Related Website(s)

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.