Apple has recently addressed and patched two critical zero-day vulnerabilities in its latest iOS update, version 17.4, raising concerns about potential exploits. The vulnerabilities, namely CVE-2024-23225 and CVE-2024-23296, exploit a memory corruption issue in the kernel. This flaw could enable an attacker with arbitrary kernel read and write capabilities to bypass kernel memory protections, posing a risk to user data and device security.
The affected devices include the iPhone XS and later, iPad Pro models, iPad Air, iPad, and iPad mini, underscoring the widespread impact of these vulnerabilities. Despite Apple's acknowledgment that these flaws "may have been exploited," the company has not provided detailed information or credited specific researchers for the discovery.
This marks the second and third zero-day vulnerabilities Apple has addressed in 2024. In January, the company dealt with CVE-2024-23222, a type confusion issue in WebKit that could lead to arbitrary code execution when processing malicious web content.
The frequency of Apple's zero-day disclosures has drawn attention, especially as some incidents have been linked to exploits used by the commercial spyware industry. While Apple remains tight-lipped about the specifics, cybersecurity experts, such as Kaspersky, have pointed out that the vulnerabilities' ability to bypass kernel memory protections could potentially lead to privilege escalation. The lack of credited researchers may indicate an ongoing investigation, prompting security experts to recommend prompt updates for all iOS users.
As the cybersecurity landscape evolves, Apple's continuous efforts to address and patch vulnerabilities play a crucial role in maintaining the security of its user base. However, the company's disclosure practices and the potential connections to spyware exploits underscore the need for ongoing vigilance and rapid adoption of security updates by Apple users.
Please send a mail and let us know about your concerns.We will try our best to provide optimized solutions.