Apple Urgently Releases Critical Updates for Actively Exploited Zero-Day Flaws
Apple has published security updates to fix a number of security issues, including two that it said had been actively exploited in the wild.
The flaws are listed as follows:
CVE-2024-23225 – A memory corruption issue in Kernel that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections
CVE-2024-23296 – A memory corruption issue in the RTKit real-time operating system (RTOS) that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections
It is unclear at this time how the vulnerabilities are being weaponized in the wild. According to Apple, both vulnerabilities were fixed with improved validation in iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6.
The following devices are eligible for the updates:
iOS 16.7.6 and iPadOS 16.7.6 – iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
iOS 17.4 and iPadOS 17.4 – iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
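To turn the version and device lists above into a fleet check, here is an added Python example (not from the article or from Apple). It maps each model to the OS branch that carries the fix and flags inventory records still below it; the CSV export format and serial numbers are constructed for illustration.

```python
"""Fleet check for the Apple fixes for CVE-2024-23225 and CVE-2024-23296.

Added example, not part of the original article. Devices that top out on
iOS/iPadOS 16 get the fix in 16.7.6; every newer device gets it in 17.4.
The inventory format and serials below are constructed, not a real MDM export.
"""
import csv
import io

# Older models listed in the article as receiving iOS/iPadOS 16.7.6.
FIXED_IN_16 = {
    "iPhone 8", "iPhone 8 Plus", "iPhone X", "iPad 5th generation",
    "iPad Pro 9.7-inch", "iPad Pro 12.9-inch 1st generation",
}


def parse_version(v: str) -> tuple[int, ...]:
    """Turn '17.3.1' into (17, 3, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.strip().split("."))


def required_version(model: str) -> tuple[int, ...]:
    """Lowest OS version that carries the fix for this model."""
    return (16, 7, 6) if model in FIXED_IN_16 else (17, 4)


def is_patched(model: str, os_version: str) -> bool:
    """True when the installed version is at or above the fixed branch.

    Note the edge case: 16.7.6 exists only for the older models, so a device
    that can run iOS 17 (e.g. iPhone XS) still on 16.7.6 is NOT patched.
    """
    return parse_version(os_version) >= required_version(model)


# Constructed inventory; serials are placeholders.
INVENTORY = """\
serial,model,os_version
C0NSTRUCT01,iPhone 8,16.7.5
C0NSTRUCT02,iPhone 8,16.7.6
C0NSTRUCT03,iPhone XS,16.7.6
C0NSTRUCT04,iPhone 15,17.3.1
C0NSTRUCT05,iPad Pro 11-inch 2nd generation,17.4
"""


def unpatched_devices(inventory_csv: str) -> list[str]:
    """Return serials of devices below the branch that fixes both CVEs."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [r["serial"] for r in rows if not is_patched(r["model"], r["os_version"])]


if __name__ == "__main__":
    print(unpatched_devices(INVENTORY))  # → ['C0NSTRUCT01', 'C0NSTRUCT03', 'C0NSTRUCT04']
```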
With the latest update, Apple has fixed three actively exploited zero-days in its software since the start of the year. In late January 2024, it fixed a type confusion vulnerability in WebKit (CVE-2024-23222) that affected the Safari web browser as well as iOS, iPadOS, macOS, and tvOS devices.
This development coincides with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) adding two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog and requiring government entities to apply the necessary fixes by March 26, 2024.
The two vulnerabilities are an information disclosure flaw affecting Pixel smartphones running Android (CVE-2023-21237) and an operating system command injection flaw in Sunhillo SureLine that could allow code execution with root privileges (CVE-2021-36380).
In a June 2023 alert, Google acknowledged that it had found indications that “CVE-2023-21237 may be under limited, targeted exploitation.” As for CVE-2021-36380, Fortinet disclosed at the end of 2017 that the vulnerability was being exploited by the IZ1H9 Mirai botnet to ensnare vulnerable devices for DDoS attacks.