CyberSecurity SEE

Apple Zero-Day Exploits Circumvent Kernel Security

Apple has taken swift action to address two critical zero-day vulnerabilities in iOS that are being actively exploited by cyber attackers to compromise iPhone users at the kernel level. The emergency security updates released by Apple on March 5 aim to fix these memory-corruption bugs, which allow threat actors to bypass kernel memory protections and gain arbitrary kernel read and write capabilities.

The first vulnerability, known as CVE-2024-23225, was found in the iOS Kernel, while the second one, CVE-2024-23296, was identified in the RTKit component. These vulnerabilities pose a significant risk to individuals and organizations, as they can enable attackers to bypass security mechanisms, potentially leading to system compromise, data breaches, and the introduction of malware.

Krishna Vishnubhotla, vice president of product strategy at Zimperium, emphasizes the importance of the kernel in managing operating system operations and hardware interactions. He explains that a vulnerability in the kernel that allows arbitrary access can have serious consequences, including complete system compromise and unauthorized access to sensitive data.

Moreover, bypassing kernel memory protections opens the door for Apple-focused cyber attackers to exploit the vulnerabilities for malicious purposes. John Bambenek, president at Bambenek Consulting, points out that bypassing kernel protections can allow attackers to rootkit the phone, granting them access to sensitive functionalities such as GPS, camera, microphone, and unencrypted messages.

This is not the first time Apple has faced zero-day vulnerabilities. Earlier this year, the company patched an actively exploited zero-day bug in the Safari WebKit browser engine. iOS users have increasingly become targets for spyware, as evidenced by the discovery of multiple Apple zero-day flaws connected to Operation Triangulation, a sophisticated cyber-espionage campaign aimed at government and corporate targets.

While nation-states are known for using zero-days to deploy spyware like the NSO Group’s Pegasus, John Gallagher of Viakoo Labs warns that the attackers exploiting these vulnerabilities could be more mundane yet equally dangerous. He emphasizes that any threat actor looking to operate stealthily would leverage zero-day exploits in widely used devices like smartphones and high-impact systems like IoT devices and applications.

To safeguard against these vulnerabilities, Apple users are advised to update their devices to the latest versions, including iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6. By applying these security updates, users can protect themselves against potential attacks and ensure the integrity of their devices and data.
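For teams managing many devices, the update advice above can be checked against an inventory export. The following is an added example, not part of the original article: the CSV layout, device names and status labels are constructed for illustration, and only the fixed version numbers come from the article.

```python
import csv
import io

# Fixed releases named in the article, keyed by major version.
# iOS and iPadOS share the same fixed version numbers there.
PATCHED = {17: (17, 4, 0), 16: (16, 7, 6)}


def parse_version(text):
    """Turn '17.3.1' into (17, 3, 1); pad short versions like '17.4' with zeros."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def classify(version_text):
    """Return a status label (labels are this example's own) for one OS version."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    major = version[0]
    if major > max(PATCHED):
        # Assumption: major releases after those in the article carry the fixes.
        return "patched"
    fixed = PATCHED.get(major)
    if fixed is None:
        # The article names no fixed release for this branch.
        return "no-fix-listed"
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory_csv):
    """Map each device name in a CSV export to its patch status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["name"]: classify(row["version"]) for row in rows}


# Constructed sample inventory (hypothetical device names and column layout).
SAMPLE = """name,os,version
iphone-finance-01,iOS,17.4
iphone-sales-02,iOS,17.3.1
ipad-lobby-03,iPadOS,16.7.6
ipad-warehouse-04,iPadOS,16.7.5
iphone-legacy-05,iOS,15.8.1
iphone-exec-06,iOS,17.4.1
iphone-lab-07,iOS,unknown
"""

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name:20} {status}")
```

Devices reported as `no-fix-listed` or `unparseable` need manual follow-up, since the article gives no fixed release for those cases.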
