Apple Products Multiple Vulnerabilities

Release Date: 14 May 2024 3348 Views

RISK: Medium Risk

TYPE: Operating Systems - Mobile & Apps

Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.

Note:

For CVE-2024-23296, an attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections.

Apple is aware of a report that this issue may have been exploited.

To exploit the vulnerability, attackers need arbitrary kernel read and write capability. Hence, the risk level is rated to Medium Risk.

Impact

Denial of Service
Elevation of Privilege
Remote Code Execution
Security Restriction Bypass
Information Disclosure

System / Technologies affected

Versions prior to iOS 16.7.8 and iPadOS 16.7.8
Versions prior to iOS 17.5 and iPadOS 17.5
Versions prior to macOS Monterey 12.7.5
Versions prior to macOS Ventura 13.6.7
Versions prior to macOS Sonoma 14.5
Versions prior to Safari 17.5
Versions prior to watchOS 10.5
Versions prior to tvOS 17.5

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

iOS 16.7.8 and iPadOS 16.7.8
iOS 17.5 and iPadOS 17.5
macOS Monterey 12.7.5
macOS Ventura 13.6.7
macOS Sonoma 14.5
Safari 17.5
watchOS 10.5
tvOS 17.5

Vulnerability Identifier

Source

Apple