Apple releases patches to fix actively exploited zero-day flaws

Apple has issued security updates that address several vulnerabilities, including two zero-day flaws that are being exploited in the wild.

The two zero-days are listed below:

CVE-2024-23225 - A memory corruption issue in the kernel. Per Apple's advisory, an attacker who already has arbitrary kernel read and write capability may be able to use it to bypass kernel memory protections, so on its own it is a mitigation bypass rather than an initial code-execution bug.

CVE-2024-23296 - A memory corruption issue in RTKit, Apple's real-time operating system (RTOS). Apple describes the impact in the same terms: an attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections.

Both security issues were addressed with improved validation in iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6.

The fixes are split across two release branches. iOS 17.4 and iPadOS 17.4 cover iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later. iOS 16.7.6 and iPadOS 16.7.6 cover the older devices that cannot run iOS 17: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.
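Because the fix lands on two separate release branches, a naive "newer than 16.7.6" check gets the answer wrong: a device on 17.0 through 17.3.x is numerically ahead of 16.7.6 but still carries both bugs. The compliance check below, an added example that is not part of the original article or of any Apple tooling, compares a reported iOS/iPadOS build against the minimum fixed version of its own branch. The inventory it scans is constructed sample data, and the treatment of branches outside 16 and 17 (anything newer is assumed fixed, anything older gets no fix) is an assumption stated in the comments rather than something the advisory says.

```python
"""Flag iOS/iPadOS devices that lack the fix for CVE-2024-23225 / CVE-2024-23296.

Added example for illustration; not the article's or Apple's code.
"""
from __future__ import annotations

# Minimum fixed version per release branch, from Apple's March 2024 advisory.
FIXED_IN = {
    16: (16, 7, 6),  # iOS 16.7.6 / iPadOS 16.7.6
    17: (17, 4, 0),  # iOS 17.4 / iPadOS 17.4
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '17.4' or '16.7.6' into a zero-padded (major, minor, patch) tuple."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised iOS version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def is_patched(version: str) -> bool:
    """True if this build carries the fix for both zero-days.

    The comparison is per branch: 17.0 is numerically newer than 16.7.6 but
    still vulnerable, because the 17.x line only received the fix in 17.4.
    Assumption (not from the advisory): branches newer than 17 inherit the
    fix, and branches older than 16 never received one.
    """
    v = parse_version(version)
    major = v[0]
    if major > max(FIXED_IN):
        return True
    if major not in FIXED_IN:
        return False
    return v >= FIXED_IN[major]


def exposed_devices(inventory: list[dict[str, str]]) -> list[str]:
    """Return the ids of devices whose reported build lacks the fix."""
    return [d["id"] for d in inventory if not is_patched(d["os_version"])]


# Constructed sample inventory, not real device data.
SAMPLE_INVENTORY = [
    {"id": "ipad-0001", "os_version": "16.7.5"},    # 16.x branch, unpatched
    {"id": "ipad-0002", "os_version": "16.7.6"},    # 16.x branch, patched
    {"id": "iphone-0003", "os_version": "17.3.1"},  # 17.x branch, unpatched
    {"id": "iphone-0004", "os_version": "17.4"},    # 17.x branch, patched
    {"id": "iphone-0005", "os_version": "17.0"},    # newer than 16.7.6, still exposed
    {"id": "ipad-0006", "os_version": "15.8.1"},    # no fix on this branch
]

if __name__ == "__main__":
    for dev in SAMPLE_INVENTORY:
        state = "patched" if is_patched(dev["os_version"]) else "EXPOSED"
        print(f"{dev['id']:<12} {dev['os_version']:<8} {state}")
```

Feed it the OS version string your MDM reports for each device; the one design point worth keeping if you adapt it is that the threshold is looked up by major version first and only then compared, which is what keeps the 17.0 case from being misreported as safe.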

Currently, it is unclear how the two zero-day vulnerabilities have been weaponized in the wild. Since both require arbitrary kernel read and write as a starting point, the likely pattern is that they serve as the mitigation-bypass stage of a longer exploit chain rather than as the initial entry point, but Apple has not said so.

In January, Apple fixed a WebKit zero-day (CVE-2024-23222), a type confusion bug that could allow a remote attacker to execute arbitrary code by tricking the victim into visiting a malicious website. That flaw was addressed with improved checks in iOS 17.3.
