Skip to main content

Apple Products Multiple Vulnerabilities

Release Date: 14 May 2024 3527 Views

RISK: Medium Risk

TYPE: Operating Systems - Mobile & Apps

TYPE: Mobile & Apps

Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.

 

Note:

For CVE-2024-23296, an attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections.

Apple is aware of a report that this issue may have been exploited.

To exploit the vulnerability, attackers need arbitrary kernel read and write capability. Hence, the risk level is rated to Medium Risk.


Impact

  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Versions prior to iOS 16.7.8 and iPadOS 16.7.8
  • Versions prior to iOS 17.5 and iPadOS 17.5
  • Versions prior to macOS Monterey 12.7.5
  • Versions prior to macOS Ventura 13.6.7
  • Versions prior to macOS Sonoma 14.5
  • Versions prior to Safari 17.5
  • Versions prior to watchOS 10.5
  • Versions prior to tvOS 17.5

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

  • iOS 16.7.8 and iPadOS 16.7.8
  • iOS 17.5 and iPadOS 17.5
  • macOS Monterey 12.7.5
  • macOS Ventura 13.6.7
  • macOS Sonoma 14.5
  • Safari 17.5
  • watchOS 10.5
  • tvOS 17.5

Vulnerability Identifier


Source


Related Link