Apple Rushes to Patch Zero-Day Flaws Under Active Attack

Apple push update for actively exploited Zero-Day flaws

In an urgent security advisory, Apple has released critical software updates to address multiple vulnerabilities in its operating systems, including two zero-day flaws that are being actively exploited by threat actors. The tech giant is urging all users to install the patches immediately to mitigate the risks posed by these vulnerabilities.

The two zero-day vulnerabilities tracked as CVE-2024-23225 and CVE-2024-23296, are memory corruption issues that reside in the kernel and the RTKit real-time operating system (RTOS) components, respectively. 

According to Apple's advisory, an attacker with arbitrary kernel read and write capabilities could leverage these flaws to bypass kernel memory protections, potentially leading to system compromise.

An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. -Apple wrote in advisory

While Apple has not provided specific details on how these vulnerabilities are being weaponized in the wild, the company acknowledged that they are under active exploitation, signalling the urgency of the situation. The tech behemoth has implemented improved validation measures to address these vulnerabilities in iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6.

The updates are available for a wide range of devices, including the iPhone 8 and later models, various iPad generations, and the iPad Pro lineup. 

Users are strongly advised to update their devices to the latest software versions as soon as possible to protect themselves from potential attacks leveraging these zero-day flaws.

This latest development follows Apple's efforts earlier this year to address another actively exploited zero-day vulnerability, CVE-2024-23222, which affected WebKit, the browser engine powering Safari and other system components. The flaw, a type confusion issue, could have led to arbitrary code execution on affected devices.

Apart from security updates, Apple has also pushed updates for users in the European Union. The update message reads -

iOS 17.4 Update description: "This update provides new options for app marketplaces, web browsers and payments for residents of the European Union. This release also includes new emoji, transcripts in Apple Podcasts, and other features, and bug fixes and security updates for your iPhone."

The disclosure of these actively exploited vulnerabilities underscores the ever-evolving cybersecurity landscape and the relentless efforts of threat actors to find and exploit software flaws for malicious purposes. It also highlights the importance of timely patching and security updates from software vendors to protect users from potential compromises.

Read Also
Post a Comment