Apple warns users against critical memory corrupting attacks

Apple is advising immediate patching against two critical zero-day vulnerabilities attackers are using to carry out memory corruption attacks on Apple devices.

Tracked as CVE-2024-23225 and CVE-2024-23296, the vulnerabilities allow attackers with arbitrary kernel read and write capabilities to bypass kernel memory protections in the iOS kernel and RTKit (Apple’s real-time operating system), respectively.

“Apple is aware of a report that this issue may have been exploited,” Apple said in a patch note, adding that the “memory corruption issue was addressed with improved validation.”

With this rollout, Apple has patched three zero-days this year, the first being a WebKit confusion issue (CVE-2024-23222) patched in January.

Patched in iOS 17.4 and iPadOS 17.4

The fixes ship in the latest software updates for iPhones and iPads, iOS 17.4 and iPadOS 17.4, respectively.

While Apple refrained from disclosing details of the known exploitation or how the flaws were discovered, it listed the affected devices for which the patches are now available. These include iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
