March 6, 2024

New Apple zero-day vulnerabilities exploited in the wild

Apple has released critical updates to address two actively exploited zero-day vulnerabilities affecting various versions of its iPad and iPhone devices.

The flaws, designated CVE-2024-23225 and CVE-2024-23296, are memory corruption vulnerabilities that threat actors with kernel read and write access can exploit to bypass kernel-level memory protections, potentially leading to the installation of malicious apps and denial of service conditions.

Apple has confirmed that the vulnerabilities have been exploited in the wild but did not indicate to what extent. Users of the affected devices are encouraged to upgrade to a patched version (iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6) as soon as possible.

Source: The Hacker News

Analysis

These new vulnerabilities mark the first non-WebKit vulnerabilities for Apple in several months. In December 2023 and January 2024, Apple released a series of emergency updates to address several vulnerabilities in its WebKit browser engine that could allow threat actors to gain access to sensitive data and execute arbitrary code on the device after the user visits a specially crafted website.

Vulnerabilities in mobile devices like iPhones and iPads are commonly exploited by sophisticated state-sponsored and espionage-motivated hackers looking for location and conversation history and other sensitive data contained on the mobile device.

The exploitation of these types of vulnerabilities is usually limited to a small number of high-priority targets. This is to lengthen the usability period of the flaw, as mass exploitation of vulnerabilities is typically discovered and mitigated quickly, providing threat actors with little return on their investment.

Mitigation

Field Effect’s elite team of Security Intelligence professionals constantly monitors the cyber threat landscape for vulnerabilities discovered in software such as Apple’s operating systems.

This research contributes to the timely deployment of signatures into Covalence to detect and mitigate the exploitation of these vulnerabilities. Covalence users are automatically notified when vulnerable software is detected in their environment and are encouraged to review these AROs as quickly as possible via the Covalence portal.

Field Effect strongly encourages users of affected Apple devices to update to the latest operating system as soon as possible.
