Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Apple warns of exploitation of zero-day bug

Apple is rolling out a suite of security updates for older iPads, iPhones, and Mac devices, as vulnerabilities are likely being exploited in the wild.

user icon David Hollingworth
Tue, 14 May 2024
Apple warns of exploitation of zero-day bug
expand image

Consumer tech and software giant Apple has released urgent security updates to patch vulnerabilities in a host of older Apple devices.

The patches address issues in Apple’s Real-Time Kernel, or RTKit, and the company’s Foundation framework.

CVE-2024-23296 is an RTKit memory corruption issue that could give an attacker arbitrary read/write capability by bypassing kernel memory protection.

============
============

“Apple is aware of a report that this issue may have been exploited,” the advisory said.

The Center for Internet Security goes into a little bit more detail.

“Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” a CIS advisory said.

“Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”

CVE-2024-27789, on the other hand, does not yet appear to be actively exploited and is a logic issue that could allow a malicious app to access “user-sensitive data”.

The patches are available for iOS 16.7.8 and iPadOS 16.7.8 and on the following devices: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.