Apple has recently released security updates to address two actively exploited vulnerabilities in its software, specifically CVE-2024-23225 and CVE-2024-23296. These vulnerabilities allow attackers to bypass kernel memory protections, posing a serious threat to user data and device security.
The tech giant rolled out updates for iOS 16.7.6, iPadOS 16.7.6, iOS 17.4, and iPadOS 17.4 to fix these flaws across various iPhone and iPad models. This initiative comes in response to the increasing number of cyber threats and marks Apple’s third actively exploited zero-day vulnerability addressed since the beginning of the year.
In a related development, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included the two vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog. The first flaw involves an information disclosure issue affecting Android Pixel devices, while the second flaw is an operating system command injection vulnerability in Sunhillo SureLine.
Both Google and Fortinet have acknowledged instances of limited, targeted exploitation of these vulnerabilities in the past. The companies have urged users to install the latest updates and security patches to protect their devices from potential cyber attacks.
With cyber threats on the rise, it is crucial for users to stay vigilant and prioritize software updates and security measures. By addressing these vulnerabilities promptly, Apple aims to enhance the overall security of its products and safeguard user data from malicious actors.
“Prone to fits of apathy. Devoted music geek. Troublemaker. Typical analyst. Alcohol practitioner. Food junkie. Passionate tv fan. Web expert.”