Thursday September 19, 2024

Two new zero-day vulnerabilities have been discovered in iOS and iPadOS 17.4 versions that could allow threat actors to bypass memory protections and perform arbitrary kernel read and write on the affected devices.

These two vulnerabilities have been assigned CVE-2024-23225 and CVE-2024-23296. Apple has addressed both in its recent security advisory and has issued patches to fix them. Apple also stated that it was aware of a report that threat actors may have exploited these two vulnerabilities in the wild.

This particular vulnerability exists in the iOS kernel due to a memory corruption issue that could allow threat actors to perform arbitrary kernel read and write by bypassing kernel protections. The severity of this vulnerability is yet to be categorised.

Products affected by this vulnerability include iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.