A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple macos |
||
apple iphone os 17.0 |
||
apple iphone os |
||
apple ipados |
||
apple ipados 17.0 |
Apple fixes two new iOS zero-days exploited in attacks on iPhones By Lawrence Abrams March 5, 2024 04:34 PM 0 Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones. "Apple is aware of a report that this issue may have been exploited," the company said in an advisory issued on Tuesday. The two bugs were found in the iOS Kernel (CVE-2024-23225) and RTKit (CVE-2024-23296), both allowing attackers with arbitrary kernel r...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Holes in iOS, macOS and more fixed following tip off from Google, Citizen Lab
Apple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware. The updates, which were issued yesterday and should be installed as soon as possible if not already, address as many as three CVE-listed flaws. We've just learned today that the Predator spyware sold by Intellexa used these vulnerabilities to infect at least one target's iPhone. The bugs are: Each bug, according to Apple, "may have been actively exploited against versions of iOS be...