Details
Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.
Note:
For CVE-2024-23225 and CVE-2024-23296, an attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
To expolit these vulnerabilities, attackers need arbitrary kernel read and write capability. Hence, the risk level is rated to Medium Risk.
Impact
- Information Disclosure
- Security Restriction Bypass
- Data Manipulation
System / Technologies affected
- Versions prior to iOS 16.7.6 and iPadOS 16.7.6
- Versions prior to iOS 17.4 and iPadOS 17.4
Solutions
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
- iOS 16.7.6 and iPadOS 16.7.6
- iOS 17.4 and iPadOS 17.4