Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Zero-Day Vulnerabilities in Apple Products
Alerts

Active Exploitation of Zero-Day Vulnerabilities in Apple Products

6 March 2024

Apple has released security updates to address two zero-day vulnerabilities (CVE-2024-23225 and CVE-2024-23296) in their products. The vulnerabilities are reportedly being actively exploited. 

The vulnerabilities are:

  • CVE-2024-23225: A memory corruption vulnerability in the iOS kernel that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

  • CVE-2024-23296: A memory corruption vulnerability in the RTKit that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

The vulnerabilities affect the following products:

  • iPhone 8

  • iPhone 8 Plus

  • iPhone X

  • iPhone XS and later

  • iPad Pro 9.7-inch

  • iPad Pro 12.9-inch 1st generation and later

  • iPad Pro 10.5-inch

  • iPad Pro 11-inch 1st generation and later

  • iPad Air 3rd generation and later

  • iPad 5th generation and later

  • iPad mini 5th generation and later

Users of the affected products are advised to update to the latest versions immediately. 

Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates

More information is available here:

https://support.apple.com/en-us/HT214081

https://support.apple.com/en-us/HT214082

https://www.bleepingcomputer.com/news/apple/apple-fixes-two-new-ios-zero-days-exploited-in-attacks-on-iphones/amp/

Back to top