{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-025.pdf"
    },
    "title": "Zero-Day Vulnerabilities in Apple Products",
    "serial_number": "2024-025",
    "publish_date": "07-03-2024 13:13:11",
    "description": "On March 5, 2024, Apple released new product versions providing fixes for several vulnerabilities affecting iOS and iPadOS, including 2 zero-day vulnerabilities already exploited in the wild.<br>\nIt is recommended to update as soon as possible.<br>\n",
    "url_title": "2024-025",
    "content_markdown": "--- \ntitle: 'Zero-Day Vulnerabilities in\u00a0Apple\u00a0Products'\nnumber: '2024-025'\nversion: '1.0'\noriginal_date: 'March 5, 2024'\ndate: 'March 6, 2024'\n---\n\n_History:_\n\n* _06/03/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn March 5, 2024, Apple released new product versions providing fixes for several vulnerabilities affecting iOS and iPadOS, including 2 zero-day vulnerabilities already exploited in the wild.\n\nIt is recommended to update as soon as possible.\n\n# Technical Details\n\nThe two zero-day vulnerabilities, namely `CVE-2024-23225` and `CVE-2024-23296`, exist in the iOS Kernel and RTKit, respectively. A memory corruption in those components would allow an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.\n\n# Affected Products\n\nThe list of impacted Apple devices includes:\n\n- iPhone XS and later;\n- iPhone 8, iPhone 8 Plus;\n- iPhone X, iPad 5th generation;\n- iPad Pro 9.7-inch;\n- iPad Pro 12.9-inch 1st generation;\n- iPad Pro 12.9-inch 2nd generation and later;\n- iPad Pro 10.5-inch;\n- iPad Pro 11-inch 1st generation and later;\n- iPad Air 3rd generation and later;\n- iPad 6th generation and later;\n- iPad mini 5th generation and later\n\n# Recommendations\n\nCERT-EU strongly recommends updating affected devices as soon as possible.\n\n# References\n\n[1] <https://support.apple.com/en-us/HT214081>",
    "content_html": "<p><em>History:</em></p><ul><li><em>06/03/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On March 5, 2024, Apple released new product versions providing fixes for several vulnerabilities affecting iOS and iPadOS, including 2 zero-day vulnerabilities already exploited in the wild.</p><p>It is recommended to update as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>The two zero-day vulnerabilities, namely <code>CVE-2024-23225</code> and <code>CVE-2024-23296</code>, exist in the iOS Kernel and RTKit, respectively. A memory corruption in those components would allow an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.</p><h2 id=\"affected-products\">Affected Products</h2><p>The list of impacted Apple devices includes:</p><ul><li>iPhone XS and later;</li><li>iPhone 8, iPhone 8 Plus;</li><li>iPhone X, iPad 5th generation;</li><li>iPad Pro 9.7-inch;</li><li>iPad Pro 12.9-inch 1st generation;</li><li>iPad Pro 12.9-inch 2nd generation and later;</li><li>iPad Pro 10.5-inch;</li><li>iPad Pro 11-inch 1st generation and later;</li><li>iPad Air 3rd generation and later;</li><li>iPad 6th generation and later;</li><li>iPad mini 5th generation and later</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU strongly recommends updating affected devices as soon as possible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://support.apple.com/en-us/HT214081\">https://support.apple.com/en-us/HT214081</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}