Tech giant Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones.
A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched.
The two bugs were found in the iOS Kernel (CVE-2024-23225) and RTKit (CVE-2024-23296), both allowing attackers with arbitrary kernel read and write capabilities to bypass kernel memory protections.
he company says it addressed the security flaws for devices running iOS 17.4, iPadOS 17.4, iOS 16.76, and iPad 16.7.6 with improved input validation.
The list of impacted Apple devices is quite extensive, and it includes:
- iPhone XS and later, iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
- iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Apple has not shared who disclosed both zero-days or if they were discovered internally.
Bijay Pokharel
Related posts
Subscribe
Cybersecurity Newsletter
You have Successfully Subscribed!
Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox. You are also consenting to our Privacy Policy and Terms of Use.