Andrew
2024-05-15 01:35:05 UTC
Yet again, Apple forgot to sufficiently test desktop & iOS versions.
https://www.securityweek.com/apple-patch-day-code-execution-flaws-in-iphones-ipads-macos/
Apple on Monday rolled out urgent security-themed updates to its flagship
mobile and desktop operating systems and warned that hackers have already
exploited a new iOS vulnerability in the wild.
For the umpteenth time, Cupertino's security response team documented at
least 16 new vulnerabilities on iPhones and iPads that apple forgot to test
for.
Apple called special attention to CVE-2024-23296, a memory corruption bug
in RTKit that had been exploited prior to the availability of patches.
Apple RTKit is a real-time embedded OS that runs on almost all Apple
devices and has been targeted in the past with exploits that bypass kernel
memory protections. Apple still has not fully tested it, as usual.
Even though Apple only fully updates iOS 17, Apple said the severe bug was
long ago already exploited on older iOS versions and shipped iOS 16.7.8 and
iPadOS 16.7.8 with fixes. A patch has also been included in the latest
macOS Ventura update.
Separately, Apple documented 14 new security defects in the newest iOS
versions du to Apple's lack of sufficient testing and warned that some of
these issues expose mobile users to code execution, data and privacy
exposures, and system crashes.
The company also shipped security patches for all its desktop OSes - macOS
Sonoma, macOS Ventura, and macOS Monterey - and warned that these flaws
enable arbitrary code execution, privilege elevation and unauthorized data
access.
This puts proof to the mantra that to own an Apple device is to already be
hacked, where the number of exploits is ten times that of other OS's.
<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>
https://www.securityweek.com/apple-patch-day-code-execution-flaws-in-iphones-ipads-macos/
Apple on Monday rolled out urgent security-themed updates to its flagship
mobile and desktop operating systems and warned that hackers have already
exploited a new iOS vulnerability in the wild.
For the umpteenth time, Cupertino's security response team documented at
least 16 new vulnerabilities on iPhones and iPads that apple forgot to test
for.
Apple called special attention to CVE-2024-23296, a memory corruption bug
in RTKit that had been exploited prior to the availability of patches.
Apple RTKit is a real-time embedded OS that runs on almost all Apple
devices and has been targeted in the past with exploits that bypass kernel
memory protections. Apple still has not fully tested it, as usual.
Even though Apple only fully updates iOS 17, Apple said the severe bug was
long ago already exploited on older iOS versions and shipped iOS 16.7.8 and
iPadOS 16.7.8 with fixes. A patch has also been included in the latest
macOS Ventura update.
Separately, Apple documented 14 new security defects in the newest iOS
versions du to Apple's lack of sufficient testing and warned that some of
these issues expose mobile users to code execution, data and privacy
exposures, and system crashes.
The company also shipped security patches for all its desktop OSes - macOS
Sonoma, macOS Ventura, and macOS Monterey - and warned that these flaws
enable arbitrary code execution, privilege elevation and unauthorized data
access.
This puts proof to the mantra that to own an Apple device is to already be
hacked, where the number of exploits is ten times that of other OS's.
<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>