iOS 17.3 and macOS 14.3 Fix A Pretty Big Bug

For those of you who installed iOS 17.3 or macOS 14.3, those updates fixed a pretty big bug that may have been actively exploited. If you look at the security update page from Apple, you’ll see this:

There is a similar entry for macOS 14.3 as well. The fact that it appears to have been actively exploited is a huge problem.

Appdome’s VP Security Products, Alan Bavosa, had this comment:

“The Apple security vulnerability CVE-2024-23222 and its exploitation in iOS 17.3 is concerning. The recognized potential attack vectors, encompassing remote code execution, spyware, and kernel exploits, underscore the severity of this threat in the realm of mobile security as they could allow attackers to gain total control over iOS devices and compromise any unprotected apps or accounts running on the device. 

However, amidst the foreboding nature of these vulnerabilities, a ray of optimism emerges. Presently, tailored protections are at the disposal of app owners and DevOps teams, offering a means to address and pre-emptively thwart each of these threats by automating mobile app defense. This empowers them to proactively safeguard consumers. For example, Appdome itself is capable of blocking shell code, code injection, remote execution, and kernel-based attacks – effectively fortifying against the very types of attack vectors seen in CVE-2024-23222. In times of adversity, such proactive measures serve as a source of much-needed reassurance for the iOS community.” 

If you haven’t updated to macOS 14.3 and/or iOS 17.3, you should update now to protect yourself from whatever threat actors are exploiting this.
