High Threat Security Alert (A24-05-07): Multiple Vulnerabilities in Apple iOS and iPadOS


 

Published on: 14 May 2024

  
  

Description:

Apple has released iOS 16.7.8, iOS 17.5, iPadOS 16.7.8 and iPadOS 17.5 to fix the vulnerabilities in various Apple devices. The list of vulnerability information can be found at:
https://support.apple.com/en-us/HT214100
https://support.apple.com/en-us/HT214101

Reports indicate that the denial of service vulnerability (CVE-2024-23296) is being actively exploited. Users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • iPhone 8 and later
  • iPad 5th generation and later, Air 3rd generation and later, mini 5th generation and later, Pro 9.7-inch, Pro 10.5-inch, Pro 11-inch 1st generation and later, Pro 12.9-inch 1st generation and later

 

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation could lead to remote code execution, denial of service, elevation of privilege, information disclosure or security restriction bypass on an affected device.

 

Recommendation:

Apple has released new version of iOS and iPadOS to address the issue.

The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://support.apple.com/en-us/HT214100
  • https://support.apple.com/en-us/HT214101
  • https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities_20240514
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42893
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23296
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27789
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27796
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27803 (to CVE-2024-27804)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27810
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27816
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27818
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27821
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27834 (to CVE-2024-27835)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27839
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27841
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27847
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27852


Tag: Apple , iOS , iPhone , iPad , iPadOS
Tags