ƒ

HOME
Breaking News

Apple reveals two zero-day vulnerabilities in iOS

by VARINDIA 2024-03-07
Apple reveals two zero-day vulnerabilities in iOS

The most recent security update for iOS 17.4 and iPadOS 17.4 includes patches for two zero-day vulnerabilities, CVE-2024-23225 and CVE-2024-23296, which Apple revealed and made available. A "memory corruption issue" impacting the kernel is known as CVE-2024-23225. According to Apple, "an attacker with arbitrary kernel read and writes capability may be able to bypass kernel memory protections." Similar details can be found in CVE-2024-23296, however it is unique to RTKit, the operating system found in the majority of Apple processors, peripherals, and embedded devices.

 

Both flaws affect the following devices:

iPhone XS and later.

iPad Pro 12.9-inch 2nd generation and later.

iPad Pro 10.5-inch.

iPad Pro 11-inch 1st generation and later.

iPad Air 3rd generation and later.

iPad 6th generation and later.

iPad mini 5th generation and later.

 

Apple did not provide further details in the disclosure or credit specific researchers in the security advisory. Apple only noted in both cases that the vulnerabilities "may have been exploited" in the wild and that both issues were addressed via "improved validation." Neither vulnerability has been designated a CVSS score at press time.

 

In a post to X, Kaspersky noted that the flaws' capability to bypass kernel memory protections "appears to be a direct path to privilege escalation." The antivirus vendor also said the lack of credited researchers "may suggest an ongoing investigation." Kaspersky recommended that all iOS users update as soon as possible.

 

CVE-2024-23225 and CVE-2024-23296 mark the second and third zero-days Apple has addressed this year. The first came in January: CVE-2024-23222, which Apple addressed in a similar update. CVE-2024-23222 is a type confusion issue in WebKit that Apple described by saying that "Processing maliciously crafted web content may lead to arbitrary code execution."

 

Apple has disclosed a litany of zero-day flaws in recent years, many of which have been connected to exploits used by the commercial spyware industry. 

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Accops bags ‘Security Product Company of the Year’ award at DSCI 2024

Accops bags ‘Security Product Company of the Year’ award at DSCI 2024

Trend Micro Forecasts Rise of Deepfake-Powered Malicious Digital Twins

Trend Micro Forecasts Rise of Deepfake-Powered Malicious Digital Twins

Fortinet elevates web application security and performance with FortiAppSec Cloud

Fortinet elevates web application security and performance with FortiAppSec Cloud

SOFTWARE
View All
GitHub announces a new free tier for GitHub Copilot in VS Code

GitHub announces a new free tier for GitHub Copilot in VS Code

Pic2Alt announces AI-driven SaaS for Alt Text generation

Pic2Alt announces AI-driven SaaS for Alt Text generation

UiPath named leader in Everest Group IA Platforms PEAK Matrix 2024

UiPath named leader in Everest Group IA Platforms PEAK Matrix 2024

START - UP
View All
Zoho enhances YCP with AI learning and ‘Train the Trainer’ module

Zoho enhances YCP with AI learning and ‘Train the Trainer’ module

TiE Global Summit 2024: A Global Gathering of Entrepreneurs

TiE Global Summit 2024: A Global Gathering of Entrepreneurs

ideaForge Soars Past 550,000 Flights, Reinforcing Indian Drone Leadership

ideaForge Soars Past 550,000 Flights, Reinforcing Indian Drone Leadership

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Start-Up and Unicorn Ecosystem
COLORFUL rolls out iGame Shadow DDR5 memory series

COLORFUL rolls out iGame Shadow DDR5 memory series

Micromax and Phison introduce MiPhi for next-gen NAND storage

Micromax and Phison introduce MiPhi for next-gen NAND storage

India surpasses US, Canada in malware targets

India surpasses US, Canada in malware targets

Banks Need a Strategic Approach to Combat Mule Accounts

Banks Need a Strategic Approach to Combat Mule Accounts

The Future of Data Agents in Enterprise AI

The Future of Data Agents in Enterprise AI

Quantum Computing To Reshape Financial Services

Quantum Computing To Reshape Financial Services

GlobalLogic and Nokia to accelerate innovation in 5G enterprise solutions

GlobalLogic and Nokia to accelerate innovation in 5G enterprise solutions

U.S. Officials Urge Americans to Switch to Encrypted Apps After Major Cyberattack

U.S. Officials Urge Americans to Switch to Encrypted Apps After Major Cyberattack

India has no plans for de-dollarisation

India has no plans for de-dollarisation

AI/ML: Revolutionizing Policing and Forensics

AI/ML: Revolutionizing Policing and Forensics