May 13, 2024 at 01:45PM
Apple released updates addressing CVE-2024-27789 and CVE-2024-23296. The first fix is for a logic issue which allowed app access to user data. The second addresses a memory corruption issue that could allow an attacker to bypass kernel memory protections. Updates are available for several iPhone and iPad models.
It appears that these meeting notes are related to the recent security updates from Apple. Two CVEs were addressed: CVE-2024-27789 and CVE-2024-23296.
For CVE-2024-27789, a logic issue was fixed, which could have allowed an app to access user-sensitive data. The affected product is Foundation, and the update is available for iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.
Regarding CVE-2024-23296, a memory corruption issue was addressed, which could have allowed an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. The affected product is RTKit, and the update is available for the same devices as mentioned for the previous CVE.
In summary, users of the listed Apple devices should update their devices to mitigate these security vulnerabilities.