Two new zero-day vulnerabilities have been discovered in iOS and iPadOS 17.4 versions that could allow threat actors to bypass memory protections and perform arbitrary kernel read and write on the affected devices.
These two vulnerabilities have been assigned with CVE-2024-23225 and CVE-2024-23296.
However, Apple has addressed these two vulnerabilities in their recent security advisory and has issued patches for fixing them.
Apple also stated that they were aware of the report that threat actors may have exploited these two vulnerabilities in the wild.
iOS 0-day Flaw Patched
CVE-2024-23225 : Arbitrary Kernel Read/Write Vulnerability
This particular vulnerability exists in the iOS kernel due to a memory corruption issue that could allow threat actors to perform arbitrary kernel read and write by bypassing kernel protections.
The severity for this vulnerability is yet to be categorised.
Products affected by this vulnerability include iPhone XS and, later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
CVE-2024-23296 : Arbitrary kernel Read/Write Vulnerability
RTKit is Apple’s Real-Time Operating System that is widespread on almost all of the devices including iPhone, iPad and Apple Watch.
However, this vulnerability was similar to the previously mentioned vulnerability and could allow threat actors to perform arbitrary read/write on the kernel bypassing kernel protections.
The severity of this vulnerability is also yet to be categorized.
Products affected by this vulnerability include iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
Apple stated that they have addressed these vulnerabilities by improving the validation of inputs.
In addition to these vulnerabilities, CVE-2024-23256 and CVE-2024-23243 were also addressed which were associated with Accessibility and Safe Private Browsing.
Apple has urged its users to install their latest security patch and versions for addressing these vulnerabilities and preventing them from getting exploited by threat actors.
You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter