High Threat Security Alert (A24-03-03): Multiple Vulnerabilities in Apple iOS and iPadOS


 

Published on: 06 March 2024

  
  

Description:

Apple has released iOS 16.7.6, iOS 17.4, iPadOS 16.7.6 and iPadOS 17.4 to fix the vulnerabilities in various Apple devices. The list of vulnerability information can be found at:
https://support.apple.com/en-us/HT214081
https://support.apple.com/en-us/HT214082

Reports indicate that multiple vulnerabilities (CVE-2024-23225 and CVE-2024-23296) are being actively exploited. Users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • iPhone 8 and later
  • iPad 5th generation and later, Air 3rd generation and later, mini 5th generation and later, Pro 9.7-inch, Pro 10.5-inch, Pro 11-inch 1st generation and later, Pro 12.9-inch 1st generation and later

 

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation could lead to information disclosure or security restriction bypass on an affected device.

Recommendation:

Apple has released new version of iOS and iPadOS to address the issue.

The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://support.apple.com/en-us/HT214081
  • https://support.apple.com/en-us/HT214082
  • https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities_20240306
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23225
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23243
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23256
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23296


Tag: Apple , iOS , iPhone , iPad , iPadOS
Tags