Apple's latest security patches address four vulnerabilities affecting iOS and iPadOS, including two zero-days that Intel suggests attackers have already exploited.
iPhone 16 & 16 Pro – 1 MONTH left! [Everything we know so far]
In typical Apple fashion, it's keeping most of the interesting details under wraps, but both have the potential to access data in the protected core.
The consumer tech giant registered the vulnerability as CVE-2024-23225 and said an attacker would already need to have the kernel's read and write capabilities to bypass kernel memory protections. The issue was fixed with improved validation, Apple said.
It's a similar story with CVE-2024-23296, the second zero-day exposed in the round of updates. Affecting RTKit, Apple's real-time operating system that runs on various devices such as AirPods, Apple Watch and more, its description closely mirrors that of CVE-2024-23225.
