Apple has released iOS 17.4, urging users to update immediately as it fixes at least four security issues, two of which are already being exploited in real-life attacks.
The first exploited flaw, tracked as CVE-2024-23225, is in the Kernel at the core of the iPhone operating system. Apple stated that an attacker with arbitrary kernel read and write capability could bypass memory protections using this issue. Apple is aware of reports that this issue may have been exploited.
Another bug fixed in iOS 17.4, tracked as CVE-2024-23296, affects RTKit, the real-time operating system based on the RTKit framework used in Apple devices like AirPods, Siri Remote, Apple Pencil 2, and Smart Keyboard Folio. This flaw could allow an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. Apple is also aware of reports that this issue may have been exploited.
Exploiting these flaws could compromise the entire device, according to Sean Wright, head of application security at Featurespace. However, he noted that successfully performing the attack would be "extremely difficult," requiring the victim to install a malicious application or exploit a previous vulnerability.
iOS 17.4 also fixes an issue in Accessibility that could enable an app to read sensitive location information. Additionally, a flaw in Safari Private Browsing that could cause a user's locked tabs to be briefly visible while switching tab groups has been addressed.
Apple has indicated that more CVE entries will be released soon, suggesting that there could be additional security fixes in the iOS 17.4 update.
In addition to iOS 17.4, Apple has released iOS 16.7.6 for older devices. iOS 15.8.2 and iPadOS 15.8.2 have also been released for select older devices, with the update likely containing bug fixes rather than security patches.
Users are advised to update to iOS 17.4 immediately to protect their devices from these critical security vulnerabilities. To update, go to Settings > General > Software Update on your iPhone and download and install iOS 17.4 as soon as possible.
No comments:
Post a Comment