
Apple has backported a critical zero-day patch to older Mac models with the macOS Monterey 12.7.6 update. The vulnerability, tracked as CVE-2024-23296, was addressed in March of this year for newer devices but is now confirmed to have been actively exploited in the wild.
The flaw is a memory corruption issue in Apple’s RTKit real-time operating system that allows attackers to bypass kernel memory protections. This grants them unauthorized read and write access to the kernel, which could lead to the execution of arbitrary code and complete compromise of the affected device.
While Apple has remained tight-lipped about the specifics of the attacks exploiting this vulnerability, macOS zero-days are often associated with targeted campaigns by state-sponsored actors. These campaigns typically focus on high-profile individuals such as journalists, dissidents, and political figures.
Apple has reiterated its awareness of reports indicating that this vulnerability “may have been exploited.” While the company has not yet attributed the discovery of CVE-2024-23296 to any specific security researcher or provided details on the nature of the attacks, it is evident that the flaw has posed a significant threat.
The US CISA had already added this flaw to its Known Exploited Vulnerabilities catalog in March, underscoring the urgency and severity of the issue. All users of older Mac models are strongly advised to install the macOS Monterey 12.7.6 update immediately.


Nice information.