Apple warns about exploitation of zero-day bug
Apple is rolling out a set of security updates for older iPad, iPhone, and Mac devices as vulnerabilities are likely being exploited in the wild.
Consumer software and technology giant Apple has released urgent security updates to fix vulnerabilities in a large number of older Apple devices.
The patches address issues in Apple’s real-time kernel, or RTKit, and the company’s Foundation framework.
CVE-2024-23296 is an RTKit memory corruption issue that could give an attacker arbitrary read/write capability by bypassing kernel memory protection.
“Apple is aware of a report indicating that this issue may have been exploited,” the notice said.
The Center for Internet Safety goes into a little more detail.
“Depending on the privileges associated with the user, an attacker could install programs; view, change or delete data; or create new accounts with full user rights,” a CIS notice said.
“Users whose accounts are configured to have fewer user rights on the system may be less affected than those who operate with administrative user rights.”
CVE-2024-27789, on the other hand, is a logic issue that could allow a malicious application to access “sensitive user data.” It does not yet appear to be actively exploited.
Patches are available in iOS 16.7.8 and iPadOS 16.7.8 for the following devices: iPhone 8, iPhone 8 Plus, iPhone first generation.