Apple has released urgent security updates for iOS to address two zero-day vulnerabilities, CVE-2024-23225 and CVE-2024-23296. These vulnerabilities were exploited in targeted attacks on iPhones.
Security Risks
The vulnerabilities affect the Kernel (CVE-2024-23225) and RTKit (CVE-2024-23296) components and present a substantial security risk for iOS devices: when exploited, they could enable attackers to gain arbitrary kernel access and bypass essential memory protections.
For the full list of security updates released by Apple, please refer to Apple security releases.
Recommended Actions
The National Cyber Security Authority (NCSA) recommends that users and system administrators:
1. Upgrade, as soon as possible, to the latest supported version of installed Apple software in order to continue receiving technical support and security patches.
The following software versions are available for upgrade:
iOS 17.4 and iPadOS 17.4: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later.
iOS 16.7.6 and iPadOS 16.7.6: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
iOS 15.8.2 and iPadOS 15.8.2: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).
2. Enable background updates or automatic updates.
3. Before any update task, ensure you have a backup of your data.
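For administrators managing several devices, the version list in step 1 can be checked against a device inventory export. The script below is an added example, not part of the NCSA advisory: the CSV layout, device names and status labels are constructed for illustration, and it assumes that major versions newer than those listed already include the fixes.

```python
import csv
import io

# Minimum fixed version per major branch, as listed in the advisory.
PATCHED = {17: (17, 4), 16: (16, 7, 6), 15: (15, 8, 2)}

# Constructed sample inventory (hypothetical device names, not real data).
SAMPLE_INVENTORY = """device,model,os_version
ops-iphone-01,iPhone 13,17.4
ops-iphone-02,iPhone 12,17.3.1
field-ipad-07,iPad Pro 10.5-inch,16.7.6
field-ipad-09,iPad Air 3rd generation,16.7.5
legacy-ipod-02,iPod touch (7th generation),15.8.2
legacy-iphone-03,iPhone 6s,15.8
lab-iphone-04,iPhone 6,12.5.7
lab-ipad-05,iPad mini 5th generation,
"""

def parse_version(text):
    """Turn '16.7.6' into (16, 7, 6); reject empty or non-numeric fields."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def patch_status(os_version):
    """Classify one reported OS version against the advisory's fixed versions."""
    try:
        version = parse_version(os_version)
    except ValueError:
        return "unknown"  # missing or malformed field: verify on the device
    minimum = PATCHED.get(version[0])
    if minimum is None:
        # Assumption: majors newer than those listed already carry the fixes;
        # older majors have no update in the advisory's list.
        return "patched" if version[0] > max(PATCHED) else "not_covered"
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))  # so 17.4 compares as 17.4.0
    return "patched" if pad(version) >= pad(minimum) else "needs_update"

def audit(inventory_csv):
    """Return (device, version, status) for every device that is not patched."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = patch_status(row["os_version"] or "")
        if status != "patched":
            findings.append((row["device"], row["os_version"], status))
    return findings

if __name__ == "__main__":
    for device, version, status in audit(SAMPLE_INVENTORY):
        print(f"{device:18} {version or '-':8} {status}")
```

Devices reported as not_covered run a release branch for which the advisory lists no update, and devices reported as unknown need their version confirmed directly.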
For further information and support, please contact the National Cyber Security Authority (NCSA) by email at rwcsirt@ncsa.gov.rw or call us on 9009.