Apple Zero-Day Vulnerability

Published On: March 6, 2024Categories: Cyber Alerts

In today’s SensCy Cyber Alert, your SensCy team urges Apple product users to install the new updates immediately. The new update remediates TWO new zero-day vulnerabilities for iPhones, Macs, and Apple TV, that has been exploited in the wild by threat actors.

The vulnerability can be tracked as CVE-2024-23225, and is described as a memory corruption issue in Kernel that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections devices.

The second one can be tracked as CVE-2024-23296, and can be described as a memory corruption issue in the RTKit real-time operating system (RTOS) that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections.

This issue is fixed in the following devices:

  • iOS 7.6 and iPadOS 16.7.6 – iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
  • iOS 4 and iPadOS 17.4 – iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

What is a zero-day vulnerability?

In cybersecurity, a zero-day vulnerability refers to a vulnerability in a system or device that has been disclosed but not yet patched. The vulnerability was discovered before developers and security researchers were aware of it and could provide a patch/update.

How to check for new updates:

SensCy highly recommends turning on the Automatic Updates on all Apple devices and products.

On your iPhone/iPad, go to the Settings App, scroll down to General, Click Software Update, Turn on Automatic Updates. If you need additional information, use these Apple links: iPhone/ iPad: macOS

Related Posts

  • July 10, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Brief, your SensCy team reviewed Adobe latest release of security updates. We recommend installing those updates immediately if you are using [...]

  • July 9, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Brief, your SensCy team reviewed Microsoft’s latest series of patches released on Tuesday, May 14, 2024. This month Microsoft fixes four [...]

  • June 29, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team is reviewing latest disclosure of vulnerabilities by WordPress. There were 183 vulnerabilities discovered, including 135 WordPress plugin [...]