Apple Blunts Zero-Day Attacks with iOS 17.4 Update

On Tuesday, Apple revealed an urgent software update to patch several security flaws in the iOS platform. The update comes with a warning of potential zero-day exploitation.

Apple released several updates, including iOS 17.4, iPadOS 17.4, and iOS 16.7.6, to patch the security defects. The release notes confirm that exploitation may already have occurred: for the affected issues, Apple stated “Apple is aware of a report that this issue may have been exploited”. The two potentially exploited vulnerabilities are in the Kernel (CVE-2024-23225) and RTKit (CVE-2024-23296). The Kernel flaw lets an attacker who already has arbitrary kernel read and write capability bypass kernel memory protections. Apple addressed this memory corruption issue with improved validation. Similarly, the RTKit flaw lets an attacker with arbitrary kernel read and write capability bypass kernel memory protections, and Apple also mitigated it with improved validation. In addition, Apple flagged the kernel flaw as ‘exploited’ for older iOS versions. Apple also patched a privacy vulnerability in the Accessibility feature that enabled apps to read sensitive location data. Another patch fixed a Safari Private Browsing bug that exposed locked tabs while the user switched tab groups with Private Browsing enabled.

Read more:

https://www.securityweek.com/apple-blunts-zero-day-attacks-with-ios-17-4-update/