Apple iOS and iPadOS Memory Corruption Vulnerabilities: A Critical Alert

The U.S. Cybersecurity and Infrastructure Security Agency raised the alarm by adding two such vulnerabilities in Apple's iOS and iPad to its Known Exploited Vulnerabilities catalog.
These vulnerabilities are actively exploited, posing significant risks to users' privacy, data, and device security.
The Vulnerabilities CVE-2024-23225: This vulnerability targets the kernel of both Apple iOS and iPadOS. A flaw in memory handling allows malicious actors to corrupt critical system memory, potentially leading to unauthorized access, privilege escalation, or even remote code execution.
Exploiting this vulnerability can have severe consequences, compromising the integrity of the entire operating system.
CVE-2024-23296: Another memory corruption vulnerability affecting Apple iOS and iPadOS, CVE-2024-23296, has also been identified.
While specific technical details are not publicly disclosed, it is evident that attackers are leveraging this flaw to gain unauthorized access to sensitive data or execute arbitrary code on affected devices.
The Impact These vulnerabilities are not merely theoretical concerns; they are actively being exploited in the wild.
Cybercriminals are capitalizing on them to compromise iPhones and iPads, potentially gaining access to personal information, financial data, and corporate secrets.
The impact extends beyond individual users to organizations, government agencies, and enterprises relying on Apple devices for daily operations.
Immediate Action Required CISA's Binding Operational Directive 22-01 specifically targets Federal Civilian Executive Branch agencies, urging them to take immediate action to remediate these vulnerabilities.
The urgency extends beyond the federal sector.
Patch Management: Ensure that all iOS and iPadOS devices are updated to the latest available versions.
Apple has released security patches addressing these vulnerabilities, and users must apply them promptly.
Security Awareness: Educate users about the risks associated with memory corruption vulnerabilities.
Monitoring and Detection: Implement robust monitoring mechanisms to detect any signs of exploitation.
Anomalies in system behavior, unexpected crashes, or unusual network traffic patterns may indicate an active attack.
Incident Response: Develop and test incident response plans.
In case of successful exploitation, organizations should be prepared to isolate affected devices, investigate the breach, and remediate the impact swiftly.
Beyond the Technical Realm The addition of Apple iOS and iPadOS memory corruption vulnerabilities to CISA's Known Exploited Vulnerabilities catalog serves as a wake-up call.
It reminds us that threats are real, and proactive measures are essential to protect our devices, data, and digital lives.


This Cyber News was published on www.cysecurity.news. Publication date: Sun, 10 Mar 2024 17:13:08 +0000


Cyber News related to Apple iOS and iPadOS Memory Corruption Vulnerabilities: A Critical Alert

Apple iOS and iPadOS Memory Corruption Vulnerabilities: A Critical Alert - The U.S. Cybersecurity and Infrastructure Security Agency raised the alarm by adding two such vulnerabilities in Apple's iOS and iPad to its Known Exploited Vulnerabilities catalog. These vulnerabilities are actively exploited, posing significant ...
9 months ago Cysecurity.news
Apple Security Update Fixes Zero-Day Webkit Exploits - Apple recommends users update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2. Google's Threat Analysis Group discovered these security bugs. Apple has patched two zero-day vulnerabilities affecting iOS, iPadOS and macOS; users are advised to update to ...
1 year ago Techrepublic.com
What Do Apple's EU App Store Changes Mean for App Developers? - In order to comply with the European Union's Digital Markets Act, Apple announced on Jan. 25 changes to its payment system for app sellers in the EU, and that it was letting go of the hold its App Store has over iOS app distribution in the EU. As ...
10 months ago Techrepublic.com
iPhone Triangulation attack abused undocumented hardware feature - The Operation Triangulation spyware attacks targeting iPhone devices since 2019 leveraged undocumented features in Apple chips to bypass hardware-based security protections. This finding comes from Kaspersky analysts who have been reverse-engineering ...
11 months ago Bleepingcomputer.com
Apple alert: India opposition says government tried to hack phones - Some Indian opposition leaders have accused the government of trying to hack into their phones after receiving warning messages from Apple. Apple's alert said it believed the recipient was "Being targeted by state-sponsored attackers". He added that ...
1 year ago Bbc.com
Big Tech to EU: "Drop Dead" - There's just one wrinkle: the Big Tech companies don't want that future, and they're trying their damndest to strangle it in its cradle. Right from the start, it was obvious that the tech giants were going to war against the DMA, and the freedom it ...
7 months ago Eff.org
Apple emergency updates fix recent zero-days on older iPhones - Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. The two vulnerabilities, now tracked as CVE-2023-42916 and CVE-2023-42917, were ...
1 year ago Bleepingcomputer.com
Apple To Drop Sensor From Some Watch Models - Redesign plan to remove blood-oxygen sensor on certain Apple Watch models is dependent on an appeal court decision. Apple is reportedly prepared to remove the blood-oxygen sensor from certain Apple Watch models, depending on a court decision. The ...
11 months ago Silicon.co.uk
Without Interoperability, Apple Customers Will Never Be Secure - Every internet user should have the ability to privately communicate with the people that matter to them, in a secure fashion, using the tools and protocols of their choosing. Apple's iMessage offers end-to-end encrypted messaging for its customers, ...
1 year ago Eff.org
Apple Move iPad Engineering To Vietnam - Fresh reports of Apple shifting manufacturing from China, with iPad product development resources relocated to Vietnam. Apple continues to strengthen its manufacturing and development capabilities outside of mainland China, according to recent media ...
1 year ago Silicon.co.uk
Apple 'Find My' network can be abused to steal keylogged passwords - Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards. The Find My network and application is designed to help users locate lost or misplaced ...
1 year ago Bleepingcomputer.com
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
2 months ago Cyberdefensemagazine.com
Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
1 year ago Bleepingcomputer.com
Apple backports fix for RTKit iOS zero-day to older iPhones - Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. The flaw is a memory corruption issue in Apple's RTKit real-time operating system that enables attackers ...
7 months ago Bleepingcomputer.com
Strobes 2023 Pentesting Recap: Trends, Stats, and How PTaaS is Transforming Cybersecurity - This article covers some amazing statistics on what category of vulnerabilities we commonly report across 100s of customers, and how we reduce compliance times and turn around time to reporting critical vulnerabilities. In a different article, we ...
1 year ago Securityboulevard.com
Apple Sets Trap to Catch iMessage Impersonators - Apple's latest iOS and macOS platform refresh came with a lot more than urgent security patches. The company activated a new feature called iMessage Contact Key Verification in another attempt to block impersonators and sophisticated threat actors ...
1 year ago Securityweek.com
Apple Sets Trap to Catch iMessage Impersonators - Apple's latest iOS and macOS platform refresh came with a lot more than urgent security patches. The company activated a new feature called iMessage Contact Key Verification in another attempt to block impersonators and sophisticated threat actors ...
1 year ago Packetstormsecurity.com
SpyNote Android malware spreads via fake volcano eruption alerts - The Android 'SpyNote' malware was observed in attacks targeting Italy using a fake 'IT-alert' public alert service that infected visitors with the information-stealing malware. IT-alert is a legitimate public service operated by the Italian ...
1 year ago Bleepingcomputer.com
Google Fixes Nearly 100 Android Security Issues - December was a hectic month for updates as firms including Apple and Google rushed to get patches out to fix serious flaws in their products before the holiday break. Enterprise software giants also issued their fair share of patches, with Atlassian ...
11 months ago Wired.com
Exploit released for critical Cisco IOS XE flaw, many hosts still hacked - Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as a zero-day to hack tens of thousands of devices. Cisco released patches for most releases of its IOS XE software but ...
1 year ago Bleepingcomputer.com
Apple iOS 17.3: How to Turn on iPhone's New Stolen Device Protection - Apple today launched a new tool for iPhones to help reduce what a thief with your phone and passcode can access. The feature, called Stolen Device Protection, adds extra layers of protection to your iPhone when someone tries to access or change ...
11 months ago Wired.com
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
10 months ago Darkreading.com
Cisco patches IOS XE zero-days used to hack over 50,000 devices - Cisco has addressed the two vulnerabilities that hackers exploited to compromise tens of thousands of IOS XE devices over the past week. The free software release comes after a threat actor leveraged the security issues as zero-days to compromise and ...
1 year ago Bleepingcomputer.com
New Apple iOS security update blocks Bluetooth Spying - Apple has unveiled significant security enhancements with the introduction of iOS 17.5, addressing nearly 15 vulnerabilities. Among the key features is a capability to thwart Bluetooth-based iPhone tracking, a move aimed at bolstering user privacy. ...
7 months ago Cybersecurity-insiders.com
Apple fixes first zero-day bug exploited in attacks this year - Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. The zero-day fixed today is tracked as CVE-2024-23222 and is a WebKit confusion issue that ...
11 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)