Rewterz Threat Advisory – Multiple Apple iOS and iPadOS Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-23243 CVSS:5.5

Apple iOS and iPadOS could allow a local attacker to obtain sensitive information, caused by a privacy issue in the Accessibility component. By using a specially crafted application, an attacker could exploit this vulnerability to read sensitive location information.

CVE-2024-23256 CVSS:5.5

Apple iOS and iPadOS could allow a local attacker to bypass security restrictions, caused by a logic issue in the Safari Private Browsing component. By using a specially crafted application, an attacker could exploit this vulnerability to allow a user’s locked tabs to become briefly visible while switching tab groups when Locked Private Browsing is enabled.

CVE-2024-23296 CVSS:5.5

Apple iOS and iPadOS could allow a local authenticated attacker to bypass security restrictions, caused by a memory corruption issue in the RTKit component. By using a specially crafted application, an attacker could exploit this vulnerability to bypass kernel memory protections.

CVE-2024-23225 CVSS:5.5

Apple iOS and iPadOS could allow a local authenticated attacker to bypass security restrictions, caused by a memory corruption issue in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to bypass kernel memory protections.

Impact

• Information Disclosure
• Security Bypass

Indicators Of Compromise

CVE

• CVE-2024-23243
• CVE-2024-23256
• CVE-2024-23296
• CVE-2024-23225

Affected Vendors

Apple

Affected Products

• Apple iPadOS 17.3
• Apple iOS 17.3
• Apple iPadOS 16.7.5
• Apple iOS 16.7.5

Remediation

Refer to Apple security document for patch, upgrade or suggested workaround information.

Apple security document