Apple Addresses Memory Corruption Issue in iOS 17.4 and iPadOS 17.4

CVE-2024-23296

7.8HIGH

Key Information

Vendor: Apple
Status: iOS And iPad OS
Vendor: CVE Published:; 5 March 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

The articles discuss two iOS zero-day vulnerabilities, CVE-2024-23225 and CVE-2024-23296, that affect a range of iPhone and iPad models. Both vulnerabilities allow attackers to bypass kernel memory protections and may lead to arbitrary code execution. Apple released patches in March and backported them to older devices to address the security flaws. There are reports that both vulnerabilities have been actively exploited, but the nature of these attacks has not been disclosed. The exploitation of these vulnerabilities can pose significant risks to affected devices, and users are strongly advised to update their iOS and iPadOS to the latest versions to mitigate the risks.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-23296 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.