May 13, 2024 at 05:50PM
Apple has backported security patches to older iPhones and iPads, fixing an iOS Kernel zero-day vulnerability actively exploited in attacks. The flaw allows attackers to bypass memory protections. The company also addressed two other zero-day vulnerabilities and added support for unwanted tracking alerts in the latest iOS update.
From the meeting notes, the key takeaways are as follows:
– Apple has backported security patches released in March to older iPhones and iPads to fix an iOS Kernel zero-day that was exploited in attacks.
– The vulnerability is a memory corruption issue in Apple’s RTKit real-time operating system, potentially enabling attackers to bypass kernel memory protections.
– Apple backported the March security updates to iOS 16.7.8, iPadOS 16.7.8, and macOS Ventura 13.6.7, with improved input validation for older devices including iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.
– Apple has not disclosed the source of the zero-day or whether it was discovered internally, and no information about the nature of the attacks exploiting it has been provided.
– Despite likely being used in targeted attacks, users of older iPhone or iPad models are strongly advised to install the security updates promptly to block potential attack attempts.
– In addition to addressing the zero-day vulnerability, Apple has also fixed two zero-days in March (CVE-2024-23225 and CVE-2024-23296) and one in January (CVE-2024-23222), as well as backported patches for two WebKit zero-days in January (CVE-2023-42916 and CVE-2023-42917).
– The iOS 17.5 update also includes support for unwanted tracking alerts to warn users if their location is being tracked by Bluetooth tracking devices.
These clear takeaways provide a concise summary of the important points discussed in the meeting notes.