Apple has released security updates for two zero-day vulnerabilities that enable attackers to bypass kernel memory protections. The updates were released for iPads and iPhones.
The OS versions that patch these vulnerabilities are iOS 17.4 and iPadOS 17.4. For devices older than the iPhone XS, the updates are iOS 16.7.6 and iPadOS 16.7.6.
The vulnerabilities, which Apple says are being exploited in the wild, are as follows:
CVE-2024-23225: Enables an attacker to bypass kernel memory protections if they have arbitrary kernel read/write privileges. This is caused by a memory corruption issue.
CVE-2024-23296: Enables an attacker to exploit memory corruption issues and bypass kernel memory protections if they have arbitrary kernel read/write privileges.