Apple Releases Critical Updates for Actively Exploited Zero-Day Flaws Urgently

Apple has published security updates to fix several security issues, including two that it says have been actively exploited in the wild. The exploited flaws are:

  1. CVE-2024-23225 - A memory corruption vulnerability in the kernel that an attacker who already has arbitrary kernel read and write access can use to bypass kernel memory protections.
  2. CVE-2024-23296 - A memory corruption flaw in the RTKit real-time operating system (RTOS) that an attacker who already has arbitrary kernel read and write access can use to bypass kernel memory protections.

It is unclear at this time how the vulnerabilities are being weaponized in the wild. Apple said both vulnerabilities were fixed with improved validation in iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6. The updates are available for the following devices:

  1. iOS 16.7.6 and iPadOS 16.7.6 - iPad 5th generation, iPad Pro 9.7-inch, iPad Pro 12.9-inch 1st generation, iPhone 8, iPhone 8 Plus, and iPhone X.
  2. iOS 17.4 and iPadOS 17.4 - iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.

With this latest update, Apple has fixed three actively exploited zero-days in its software since the start of the year. Towards the end of January 2024 it fixed a WebKit type confusion vulnerability affecting iOS, iPadOS, macOS, tvOS, and the Safari web browser that could have led to arbitrary code execution.

The development coincides with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) adding two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the necessary fixes by March 26, 2024.

The two vulnerabilities are an operating system command injection flaw in Sunhillo SureLine that could lead to code execution with root privileges, and an information disclosure flaw affecting Android Pixel devices.

In a June 2023 advisory, Google acknowledged that it had found evidence suggesting that “CVE-2023-21237 may be under limited, targeted exploitation.” As for CVE-2021-36380, Fortinet disclosed at the end of 2017 that the IZ1H9 Mirai botnet was exploiting the vulnerability to ensnare vulnerable devices into a DDoS botnet.
