
Apple Addressed Two iOS Zero-Days With Latest Updates

by Abeerah Hashim

After opening the new year with zero-day fixes, Apple has once again addressed two more zero-days in its iOS devices, urging users to update as soon as possible. These vulnerability fixes not only arrive for iOS 17 but also come with the latest iOS 16 updates.

Recent iOS Updates Fix Two Zero-Days

As disclosed through an advisory, Apple patched the following four vulnerabilities, including two zero-days, with the latest iOS updates.

  • CVE-2024-23243: An information disclosure issue that could expose sensitive data to an app. Apple addressed this flaw by improving private data redaction for log entries.
  • CVE-2024-23225: This kernel vulnerability could let an adversary bypass memory protection and exploit the arbitrary read/write capability. The tech giant patched this vulnerability by improving validation while admitting to having detected its exploitation in the wild.
  • CVE-2024-23296: Another memory corruption vulnerability with an impact similar to that of CVE-2024-23225, which Apple patched by improving validation. The firm listed this vulnerability as the second zero-day, confirming that it had detected its active exploitation.
  • CVE-2024-23256: A logic issue that could expose a user’s locked tabs while switching groups even with “Locked Private Browsing” enabled. Acknowledging the researcher Om Kothawade for reporting this flaw, Apple confirmed patching it by improving state management.

Apple patched these vulnerabilities with iOS 17.4 and iPadOS 17.4. These updates apply to iPhone XS and later, iPad Pro 12.9-inch 2nd gen and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st gen and later, iPad Air 3rd gen and later, iPad 6th gen and later, and iPad mini 5th gen and later.

Moreover, the firm also released the fix for the kernel vulnerability CVE-2024-23225 with iOS 16.7.6 and iPadOS 16.7.6, applicable to iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th gen, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st gen.

Besides these vulnerabilities, Apple also hinted at having patched more vulnerabilities with this update, details of which the firm would add later. That means these updates demand immediate attention from users, as they carry numerous security fixes.
