Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Multiple Vulnerabilities in Apple Products
Alerts

Multiple Vulnerabilities in Apple Products

2 August 2024

Apple has released security updates for their product suite, including iOS, iPadOS, macOS, watchOS, tvOS and visionOS.

The security fixes in the OS updates address multiple flaws for notable vulnerabilities:

  • CVE-2024-40788 (CVSSv3 score = 9.8) and CVE-2024-27826 (CVSSv3 score = 7.8). These are flaws in the kernel that could allow an attacker to cause an unexpected system shutdown and execute arbitrary code with kernel privileges respectively.

  • CVE-2024-6387 (CVSSv3 score = 8.1), a flaw in OpenSSH's server that could allow an unauthenticated attacker to perform arbitrary remote code execution with root permissions. Read more about it

    here

    .

Successful exploitation of these vulnerabilities could allow attackers to perform arbitrary code execution, bypass authentication measures, and take control of the affected system.

These vulnerabilities affect the following products:

  • Safari 17.6: Available for macOS Monterey and macOS Ventura

  • iOS 17.6 and iPadOS 17.6: Available for iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

  • iOS 16.7.9 and iPadOS 16.7.9: Available for iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation

  • macOS Sonoma 14.6: Available for macOS Sonoma

  • macOS Ventura 13.6.8: Available for macOS Sonoma

  • macOS Monterey 12.7.6: Available for macOS Monterey

  • watchOS 10.6: Available for Apple Watch Series 4 and later

  • tvOS 17.6: Available for Apple TV HD and Apple TV 4K (all models)

  • visionOS 1.3: Available for Apple Vision Pro

Users are advised to patch their products to the latest versions immediately.

Users are also recommended to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.

More information is available here:

https://support.apple.com/en-us/HT214117

https://www.cisa.gov/news-events/alerts/2024/07/30/apple-releases-security-updates-multiple-products

https://www.forbes.com/sites/kateoflahertyuk/2024/07/31/ios-176-update-now-warning-issued-to-all-iphone-users/

Back to top