Apple has published security updates to fix a number of security issues, including two that it said have been actively exploited in the wild.
The flaws are listed below:
A memory corruption vulnerability in the kernel, identified as CVE-2024-23225, can be used by an attacker with unrestricted read and write access to circumvent kernel memory safeguards.
The RTKit real-time operating system (RTOS) has a memory corruption vulnerability (CVE-2024-23296) that an attacker with unrestricted kernel read and write access can use to bypass kernel memory protections.
It's unclear at this time how the vulnerabilities are being weaponized in the wild. According to Apple, improved validation was implemented to fix both vulnerabilities in iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6.
The following devices are eligible for the updates:
iPad Pro 9.7-inch, iPad Pro 12.9-inch First Generation, iPad 5, iPad 8, iPhone 8 Plus, and iPad X are all compatible with iOS 16.7.6 and iPadOS 16.7.6.
iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later are all compatible with iOS 17.4 and iPadOS 17.4.
With the most recent update, Apple has fixed three actively exploited zero-days in its software since the beginning of the year. In late January 2024, it fixed a type confusion vulnerability in WebKit (CVE-2024-23222) that affected the Safari web browser and was potentially dangerous for iOS, iPadOS, macOS, and tvOS devices.
This development coincides with the addition of two vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalogue by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which is requesting that federal entities implement the appropriate remedies by March 26, 2024.
The two vulnerabilities are an information disclosure flaw that affects Pixel smartphones running Android (CVE-2023-21237) and an operating system command injection flaw in Sunhillo SureLine that may allow code execution with root privileges (CVE-2021-36380).
In a June 2023 advisory, Google acknowledged that it had found indications that "CVE-2023-21237 may be under limited, targeted exploitation." Regarding CVE-2021-36380, Fortinet disclosed at the end of 2017 that the vulnerability was being exploited by the IZ1H9 Mirai botnet to ensnare vulnerable devices into a DDoS botnet.