{"id":24098,"date":"2024-03-06T05:10:08","date_gmt":"2024-03-06T13:10:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/03\/06\/news-17828\/"},"modified":"2024-03-06T05:10:08","modified_gmt":"2024-03-06T13:10:08","slug":"news-17828","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/03\/06\/news-17828\/","title":{"rendered":"Update your iPhones and iPads now: Apple patches security vulnerabilities in iOS and iPadOS"},"content":{"rendered":"\n<p>Apple has <a href=\"https:\/\/support.apple.com\/en-gb\/HT214081\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">released a security update<\/a> for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited. Zero-day vulnerabilities are discovered by attackers before the software company itself &#8211; meaning the vendor has &#8216;zero days&#8217; to fix them.<\/p>\n<p>Both vulnerabilities allow an attacker to bypass the memory protections that would normally stop someone from running malicious code. Reportedly, attackers used them with another unpatched vulnerability or malicious app, and the combination could be used to give them complete control over targeted iPhones.<\/p>\n<p>The update is available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.<\/p>\n<p>A patch for\u00a0iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation, running iOS 16.7.6 or iPadOS 16.7.6 is available for one of the vulnerabilities.<\/p>\n<p>To check if you&#8217;re using the latest software version, go to <strong>Settings<\/strong> &gt; <strong>General<\/strong> &gt; <strong>Software Update<\/strong>. You want to be on iOS 17.4 or iPadOS 17.4, so update now if you&#8217;re not. 
It&#8217;s also worth turning on Automatic Updates if you haven&#8217;t already. You can do that on the same screen.<\/p>\n<figure class=\"wp-block-image aligncenter size-large is-resized\"><img decoding=\"async\" loading=\"lazy\" width=\"964\" height=\"1290\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/03\/update_available.png?w=765\" alt=\"iPad showing that an update is available and offering choices when to update\" class=\"wp-image-106054\" style=\"width:700px\" \/><\/figure>\n<h2 class=\"wp-block-heading\" id=\"h-technical-details\">Technical details<\/h2>\n<p>The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The zero-day CVEs patched in these updates are:<\/p>\n<p><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-23225\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-23225<\/a>: a memory corruption issue was addressed with improved validation. A patch is available for this issue in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple says it&#8217;s aware of a report that this issue may have seen active exploitation.<\/p>\n<p><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-23296\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-23296<\/a>: a memory corruption issue in RTKit was addressed with improved validation. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. 
Apple says it&#8217;s aware of a report that this issue may have seen active exploitation.<\/p>\n<p>RTKit is Apple&#8217;s real-time operating system, running on multiple chips in iPhone, Watch, MacBook, and peripherals like the iPod. A real-time operating system is software that manages tasks on a single core, which is crucial for real-time applications that require precise timing.<\/p>\n<p>Apple addressed several other vulnerabilities in the update, some of which it listed, but it also mentions \u201cAdditional CVE entries coming soon.\u201d For protection against attackers reverse engineering updates to find the vulnerabilities, Apple doesn&#8217;t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/03\/update-your-iphones-and-ipads-now-apple-patches-security-vulnerabilities-in-ios-and-ipados\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited. 
<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[2211,32],"class_list":["post-24098","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-apple","tag-news"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24098","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24098"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24098\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24098"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24098"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24098"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}