Apple remediates two iOS zero-days exploited in iPhone attacks

Target Industry

Indiscriminate, opportunistic targeting.

Overview

Apple has released security updates to remediate two iOS zero-day vulnerabilities that have been exploited in attacks against iPhones. The two vulnerabilities were discovered in the iOS Kernel (tracked as CVE-2024-23225) and in RTKit (tracked as CVE-2024-23296). Both allow a threat actor who has already obtained arbitrary kernel read and write capability to bypass kernel memory protections.

Impact

Successful exploitation of CVE-2024-23225 and CVE-2024-23296 would likely allow threat actors with arbitrary kernel read and write capabilities to bypass kernel memory protections, leading to the compromise of sensitive data in the first instance.

Vulnerability Detection

Apple has released security patches for the vulnerabilities described above. Any version prior to the patched releases listed below should therefore be treated as vulnerable to exploitation.

Affected Products

The following Apple devices are affected by these vulnerabilities:

  • iPhone XS and later
  • iPhone 8
  • iPhone 8 Plus
  • iPhone X
  • iPad 5th generation
  • iPad Pro 9.7-inch
  • iPad Pro 12.9-inch 1st generation
  • iPad Pro 12.9-inch 2nd generation and later
  • iPad Pro 10.5-inch
  • iPad Pro 11-inch 1st generation and later
  • iPad Air 3rd generation and later
  • iPad 6th generation and later
  • iPad mini 5th generation and later

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available currently.

Containment, Mitigations and Remediations

It is strongly recommended that users apply the relevant security patches as a matter of urgency. The emergency patches are as follows:

  • iOS 17.4
  • iPadOS 17.4
  • iOS 16.7.6
  • iPadOS 16.7.6
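As an added example (not part of the bulletin), the following Python check triages a device inventory export against the fixed releases listed above, flagging any device whose build is older than the fix for its branch (17.4 for iOS/iPadOS 17, 16.7.6 for the 16.7 branch that older devices such as the iPhone 8 and iPhone X remain on). The inventory field names and sample rows are constructed for illustration, and the treatment of branches outside 16 and 17 is an assumption noted in the code.

```python
"""Added example (not from the bulletin): triage an MDM/inventory export against
the patched iOS/iPadOS releases named in the advisory (17.4 and 16.7.6).
Field names ("serial", "os_version") and sample rows are constructed."""

# Minimum patched release per major branch, as listed in the bulletin.
PATCHED = {17: (17, 4, 0), 16: (16, 7, 6)}


def parse_version(text: str) -> tuple:
    """Turn '16.7.6' or '17.4' into a comparable (major, minor, patch) tuple."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3 or any(p < 0 for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the device runs a build older than the fix for its branch.

    Assumption: branches newer than 17 are treated as carrying the fix, and
    branches older than 16 received no patch in this advisory, so they are
    reported as needing attention (upgrade or replacement).
    """
    major, minor, patch = parse_version(version)
    if major > 17:
        return False
    if major < 16:
        return True
    return (major, minor, patch) < PATCHED[major]


def triage(inventory: list) -> list:
    """Return the serials of inventory rows that still need the patch."""
    return [row["serial"] for row in inventory if is_vulnerable(row["os_version"])]


if __name__ == "__main__":
    # Constructed sample inventory rows.
    sample = [
        {"serial": "DEV-001", "model": "iPhone 15", "os_version": "17.3.1"},
        {"serial": "DEV-002", "model": "iPhone 15", "os_version": "17.4"},
        {"serial": "DEV-003", "model": "iPhone 8", "os_version": "16.7.5"},
        {"serial": "DEV-004", "model": "iPhone X", "os_version": "16.7.6"},
    ]
    for serial in triage(sample):
        print(f"{serial}: update required")
```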

Threat Landscape

Apple occupies a significant portion of the smart device and PC market. Because threat actors generally weigh the likelihood of success against the value of the asset when choosing which attack surfaces to focus on, Apple products have become a prime target. As smart devices and PCs have become integral to both personal and business operations, threat actors will continue to exploit vulnerabilities in these systems in an attempt to extract the sensitive information they hold.

There is currently no intelligence regarding the ongoing exploitation campaigns. It should be noted, however, that iOS zero-day vulnerabilities are commonly leveraged in state-sponsored spyware attack chains against high-risk entities.

With these two vulnerabilities, Apple has now remediated three zero-day flaws in 2024 thus far. Due to this trend, it is likely that additional zero-day flaws will be discovered in the coming months. As such, it is vital that Apple product users apply any security patches as soon as they become available.

Threat Actor

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies

Tactic: TA0002 – Execution

Further Information

Apple Security Advisory