Apple Releases iOS/iPadOS Updates with Zero Day Fixes., (Tue, Mar 5th)
2024-3-6 03:28:28 Author: isc.sans.edu(查看原文) 阅读量:36 收藏
2024-3-6 03:28:28 Author: isc.sans.edu(查看原文) 阅读量:36 收藏
Apple today released iOS 17.4 as well as iOS 16.7.6 (and the respective iPadOS versions). These updates fix a total of four vulnerabilities. Two of the vulnerabilities are already being exploited. CVE-2024-23225 is a privilege escalation issue and only affects iOS 17 as well as iOS 16. The second already exploited vulnerability, CVE-2024-23296, only affects iOS 17.
We rated the exploited vulnerabilities as "important", not "critical". They appear to only allow for privilege escalation.
| iOS 17.4 and iPadOS 17.4 | iOS 16.7.6 and iPadOS 16.7.6 |
|---|---|
| CVE-2024-23243 [important] Accessibility A privacy issue was addressed with improved private data redaction for log entries. An app may be able to read sensitive location information |
|
| x | |
| CVE-2024-23225 [moderate] *** EXPLOITED *** Kernel A memory corruption issue was addressed with improved validation. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. |
|
| x | x |
| CVE-2024-23296 [moderate] *** EXPLOITED *** RTKit A memory corruption issue was addressed with improved validation. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. |
|
| x | |
| CVE-2024-23256 [moderate] Safari Private Browsing A logic issue was addressed with improved state management. A user's locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled |
|
| x | |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
文章来源: https://isc.sans.edu/diary/rss/30716
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh