
Apple has released emergency updates to fix two iOS zero-day vulnerabilities that were exploited in attacks against iPhone devices.
The first vulnerability, tracked as CVE-2024-23225, is a Kernel memory corruption flaw that Apple addressed with improved validation.
An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
The second vulnerability, tracked as CVE-2024-23296, is an RTKit memory corruption flaw. The company addressed it with improved validation.
An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Apple confirmed that both vulnerabilities are actively exploited.
Impacted devices are iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
Apple addressed the two vulnerabilities with the release of iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6.

