Consumer tech and software giant Apple has released urgent security updates to patch vulnerabilities in a host of older Apple devices.
The patches address issues in Apple’s Real-Time Kernel, or RTKit, and the company’s Foundation framework.
CVE-2024-23296 is an RTKit memory corruption issue that could give an attacker arbitrary read/write capability by bypassing kernel memory protection.
“Apple is aware of a report that this issue may have been exploited,” the advisory said.
The Center for Internet Security goes into a little bit more detail.
“Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” a CIS advisory said.
“Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”
CVE-2024-27789, on the other hand, does not yet appear to be actively exploited and is a logic issue that could allow a malicious app to access “user-sensitive data”.
The patches are available for iOS 16.7.8 and iPadOS 16.7.8 and on the following devices: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.