Skip to main content

Apple Products Multiple Vulnerabilities

Last Update Date: 8 Mar 2024 Release Date: 6 Mar 2024 5136 Views

RISK: Medium Risk

TYPE: Operating Systems - Mobile & Apps

TYPE: Mobile & Apps

Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, elevation of privilege, spoofing, sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.

 

Note:

For CVE-2024-23225 and CVE-2024-23296, an attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

To expolit these vulnerabilities, attackers need arbitrary kernel read and write capability. Hence, the risk level is rated to Medium Risk.
 

[Updated on 2024-03-08] 

Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.


Impact

  • Information Disclosure
  • Security Restriction Bypass
  • Data Manipulation
  • Denial of Service
  • Remote Code Execution
  • Elevation of Privilege
  • Spoofing

System / Technologies affected

  • Versions prior to iOS 16.7.6 and iPadOS 16.7.6
  • Versions prior to iOS 17.4 and iPadOS 17.4
  • Versions prior to Safari 17.4
  • Versions prior to macOS Monterey 12.7.4
  • Versions prior to macOS Ventura 13.6.5
  • Versions prior to macOS Sonoma 14.4
  • Versions prior to watchOS 10.4
  • Versions prior to tvOS 17.4
  • Versions prior to visionOS 1.1

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

  • iOS 16.7.6 and iPadOS 16.7.6
  • iOS 17.4 and iPadOS 17.4
  • Safari 17.4
  • macOS Monterey 12.7.4
  • macOS Ventura 13.6.5
  • macOS Sonoma 14.4
  • watchOS 10.4
  • tvOS 17.4
  • visionOS 1.1

Vulnerability Identifier


Source


Related Link