Security News > 2024 > May > Apple backports iOS zero-day patch, adds Bluetooth tracker alert

Apple backports iOS zero-day patch, adds Bluetooth tracker alert
2024-05-14 13:29

Apple has backported the patch for CVE-2024-23296 to the iOS 16 branch and has fixed a bug in MarketplaceKit that may allow maliciously crafted webpages to distribute a script that tracks iOS users on other webpages.

The company has also added a new capability to iOS 17 that will alert users if an unknown Bluetooth tracker is "Seen" moving with them.

The fix for the RTKit zero-day - which has been patched in iOS and iPadOS 17.4, macOS Sonoma, watchOS, tvOS and visionOS in March 2024 after reports of in-the-wild exploitation - has been backported only to Ventura, iOS 16.7.8 and iPadOS 16.7.8.

In March 2023, Apple has introduced a new URI scheme in iOS 17.4 to allow EU users to install alternative marketplace apps from developers' websites.

Apple and Google announced that iPhones and Android 6.0+ devices will from now alert users to the presence of unknown Bluetooth tracking devices.

"If a user gets on their iOS device, it means that someone else's AirTag, Find My accessory, or other industry specification-compatible Bluetooth tracker is moving with them. It's possible the tracker is attached to an item the user is borrowing, but if not, iPhone can view the tracker's identifier, have the tracker play a sound to help locate it, and access instructions to disable it," Apple explained.


News URL

https://www.helpnetsecurity.com/2024/05/14/ios-bluetooth-tracker-alert/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-03-05 CVE-2024-23296 Out-of-bounds Write vulnerability in Apple products
A memory corruption issue was addressed with improved validation.
local
low complexity
apple CWE-787
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349
Bluetooth 4 0 9 7 0 16