Recently, Apple released an emergency security update that addresses two iOS zero-day vulnerabilities. The vulnerabilities are in the iOS kernel (CVE-2024-23225) and RTKit (CVE-2024-23296), and could allow an attacker with arbitrary kernel read and write privileges to bypass kernel memory protections.
Apple says that its internal security team has addressed the vulnerabilities on devices running iOS 17.4, iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6 by improving input validation. It is reported that CVE-2024-23225 and CVE-2024-23296 have a wide range of impact, mainly affecting dozens of products such as iPhone XS and later, iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, iPad Pro 12.9-inch 1st generation, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
At this time, Apple has not disclosed information about the CVE-2024-23225 and CVE-2024-23296 zero-day vulnerabilities, or whether the vulnerabilities were discovered internally or externally.
In addition, although Apple has not released specific information about the malicious exploitation of these two zero-day vulnerabilities, from past experience, zero-day vulnerabilities for iOS are often used by state-backed spyware to target high-risk groups such as journalists, opposition politicians, and ***, so users are strongly advised to install the latest security updates immediately to prevent potential cyberattack attempts.
Including these two, Apple has fixed three zero-day vulnerabilities in 2024 (the first one was fixed in January). Last year, Apple fixed a total of 20 zero-day vulnerabilities exploited by threat actors, including the following:
February: One WebKit zero-day vulnerability (CVE-2023-23529);
April: Two zero-day vulnerabilities (CVE-2023-28206 and CVE-2023-28205);
May: Three zero-day vulnerabilities (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373);
June: Three zero-day vulnerabilities (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439);
July: Two zero-day vulnerabilities (CVE-2023-37450 and CVE-2023-38606);
September: Five zero-day vulnerabilities (CVE-2023-41061, CVE-2023-41064, CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993);
October: Two zero-day vulnerabilities (CVE-2023-42824 and CVE-2023-5217);
November: Two zero-day vulnerabilities (CVE-2023-42916 and CVE-2023-42917).