Security News > 2024 > March > Apple's trademark tight lips extend to new iPhone, iPad zero-days

Apple's latest security patches address four vulnerabilities affecting iOS and iPadOS, including two zero-days that intel suggests attackers have already exploited.

Affecting RTKit, Apple's real-time operating system that runs on various devices like AirPods, Apple Watch, and more, its description closely mirrors that of CVE-2024-23225.

While Apple's latest iOS and iPadOS 17.4 updates protect users from the vulnerabilities, Cupertino's security engineers were also forced to develop a patch for devices running iOS and iPadOS version 16.x. Indeed, CVE-2024-23225 also affects devices such as the iPhone 8, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation - devices that are no longer supported by Apple's latest OS releases.

Usually, when vendors register for CVEs they also provide a provisional CVSS rating of their own which appears alongside the NVD's assessment, but it's rare that Apple submits its own, in our experience.

Apple met its March 6 deadline early, overhauling previously longstanding rules against app sideloading and browser apps using their own engines on Apple's phones and tablets.

They also may be penalized for spending too much time outside of the country, it has emerged, with Apple stating: "If you're gone for too long, you'll lose access to some features, including installing new alternative app marketplaces," Apple said.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/03/06/iphone_ipad_zero_days/