Apple warns users against critical memory-corrupting attacks

Apple is advising immediate patching against two critical zero-day vulnerabilities attackers are using to carry out memory-corruption attacks on Apple devices.

Tracked as CVE-2024-23225 and CVE-2024-23296, the vulnerabilities allow attackers with arbitrary kernel read and write capabilities to bypass kernel memory protections in the iOS kernel and RTKit (Apple’s real-time operating system), respectively. “Apple is aware of a report that this issue may have been exploited,” Apple said in a patch note, adding that the “memory corruption issue was addressed with improved validation.”

With this rollout, Apple has patched three zero-days this year, the first being a WebKit confusion issue (CVE-2024-23222) patched in January.

Patched in iOS 17.4 and iPadOS 17.4

The fixes ship in the latest software updates for iPhones and iPads, iOS 17.4 and iPadOS 17.4, respectively.

While Apple refrained from disclosing the details of known exploitations or their discovery, it listed the impacted devices for which the patches are now available. These include iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.

Additionally, the company issued patches for devices dropped from iOS 17 and iPadOS 17 support, which include iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation. The patched updates for these devices are iOS 16.7.6 and iPadOS 16.7.6.

Apart from the two zero-days, iOS 17.4 and iPadOS 17.4 patched a couple of privacy bugs, CVE-2024-23243 and CVE-2024-23256, both allowing access to a user’s private data. Many Apple bugs have been weaponized in the past, a few with nation-state interests, before the iPhone maker has had time to work on and apply a patch. Last year, Apple products were hit with over 20 zero-days, the most recent being the info-stealing bugs affecting Macs and iPads.
