Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for privilege escalation. Successful exploitation of the most severe of these vulnerabilities could allow for privilege escalation in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
CVE-2024-23225 – a memory corruption issue in the OSes’ kernel that could allow attackers to bypass kernel memory protections.
CVE-2024-23296 – a memory corruption issue in RTKit (Apple’s proprietary embedded/real-time operating system) that may also allow attackers to bypass kernel memory protections.
What You Should Do
If you use any of the programs listed below you should update your systems immediately.
Affected Systems:
- Versions prior to iOS 17.4 and iPadOS 17.4
- iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Versions prior to iOS 16.7.6 and iPadOS 16.7.6
- iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
.If you have questions or need assistance, contact a member of the Admiral team.
