Apple releases critical updates for actively exploited zero-day flaws

06 March 2024PressroomVulnerability/Zero Day

Apple has released security updates to address several security flaws, including two vulnerabilities that it says are being actively exploited in the wild.

The shortcomings are listed below:

• CVE-2024-23225 – A memory corruption issue in the kernel that an attacker with arbitrary kernel read and write ability can exploit to bypass kernel memory protections

• CVE-2024-23296 – A memory corruption issue in the RTKit real-time operating system (RTOS) that an attacker with arbitrary kernel read/write ability can exploit to bypass kernel memory protections

It is currently unclear how flaws are weaponized in the wild. Apple said both vulnerabilities have been addressed with improved validation in iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6.

Updates are available for the following devices:

• iOS 16.7.6 and iPadOS 16.7.6 – iPhone 8, iPhone 8 Plus, iPhone

• iOS 17.4 and iPadOS 17.4 – iPhone iPad 6th generation and later, and iPad mini 5th generation and later

With the latest development, Apple has resolved a total of three actively exploited zero-day cases in its software since the beginning of the year. In late January 2024, linked a type confusion flaw in WebKit (CVE-2024-23222) impacting iOS, iPadOS, macOS, tvOS, and the Safari web browser that may lead to arbitrary code execution .

The development comes as the US Cybersecurity and Infrastructure Security Agency (CISA) added two flaws to its catalog of known exploited vulnerabilities (KEVs), urging federal agencies to apply the necessary updates by March 26, 2024.

The vulnerabilities concern an information disclosure flaw affecting Android Pixel devices (CVE-2023-21237) and an operating system command injection flaw in Sunhillo SureLine that could lead to code execution with root privileges (CVE- 2021-36380).

Google, in a notice published in June 2023, acknowledged that it had found indications that “CVE-2023-21237 may be subject to limited, targeted exploitation.” Regarding CVE-2021-36380, Fortinet revealed late last year that a Mirai botnet called IZ1H9 was exploiting the flaw to bundle sensitive devices into a DDoS botnet.