05.14.2024
Apple Devices Currently Affected By Arbitrary Code Execution Vulnerabilities
Date of Notice: 05/14/2024
Action Level - Critical
Description
Apple has released a security advisory for several of their older products. Of these vulnerabilities, there are code execution and privilege escalation vulnerabilities that could impact the security posture of the device.
Fixed Versions
- To patch the vulnerabilities, customers must upgrade to the latest macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5, iOS 17.4, and iPadOS 17.4.
Attack Vector
- iPhone XS and later
- iPad 6th generation and later
- iPad Air 3rd generation and later
- iPad mini 5th generation and later
- iPad Pro 12.9-inch 2nd generation and later
- iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later
- iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
- Versions prior to macOS Sonoma 14.5
- Versions prior to macOS Ventura 13.6.7
- Versions prior to macOS Monterey 12.7.5
- Versions prior to watchOS 10.5
- Versions prior to tvOS 17.5
- Versions prior to iOS 16.7.8 and iPadOS 16.7.8
- Versions prior to iOS 17.5 and iPadOS 17.
Attack Feasibility
An attacker with access to a user account on the vulnerable device has the ability to elevate their privileges through arbitrary code execution.
Mitigation/Remediation
Immediately update any affected devices to the most current, secure version.
Other Resources