05.14.2024

Apple Devices Currently Affected By Arbitrary Code Execution Vulnerabilities

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 05/14/2024

Action Level - Critical

Description

Apple has released a security advisory for several of their older products. Of these vulnerabilities, there are code execution and privilege escalation vulnerabilities that could impact the security posture of the device.

Fixed Versions

  • To patch the vulnerabilities, customers must upgrade to the latest macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5, iOS 17.4, and iPadOS 17.4.

Attack Vector

  • iPhone XS and later
  • iPad 6th generation and later
  • iPad Air 3rd generation and later
  • iPad mini 5th generation and later
  • iPad Pro 12.9-inch 2nd generation and later
  • iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later
  • iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
  • Versions prior to macOS Sonoma 14.5
  • Versions prior to macOS Ventura 13.6.7
  • Versions prior to macOS Monterey 12.7.5
  • Versions prior to watchOS 10.5
  • Versions prior to tvOS 17.5
  • Versions prior to iOS 16.7.8 and iPadOS 16.7.8
  • Versions prior to iOS 17.5 and iPadOS 17.

Attack Feasibility 

An attacker with access to a user account on the vulnerable device has the ability to elevate their privileges through arbitrary code execution.

Mitigation/Remediation

Immediately update any affected devices to the most current, secure version.

Other Resources

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-could-allow-for-arbitrary-code-execution_2024-051

https://threatprotect.qualys.com/2024/03/08/attackers-exploited-vulnerabilities-in-attacks-against-ios-and-macos-cve-2024-23225-cve-2024-23296/

<-- Return to Cybersecurity Alerts...

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC