Please note that two new vulnerabilities have been discovered that affects Apple devices running iOS and iPadOS. These vulnerabilities can be exploited by malicious actors to gain unauthorised access, compromise sensitive data, or disrupt normal operations.
| Vulnerability Name | CVE-2024-23225 and CVE-2024-23296 |
| Severity | CRITICAL |
| CVSS | 9.8 |
| Affected Products | Apple iPhone and Apple iPad |
Description:
CVE-2024-23225 – A memory corruption issue in Kernel (the computer program at the core of the computer’s operating system). An attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections.
CVE-2024-23296 – A memory corruption issue in the RTKit real-time operating system (RTOS) that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections.
What this means for all ONGC Customers:
We urge all ONGC customers to update their iPhones and/or iPads as soon as possible. In most cases, Apple devices are not managed by ONGC and therefore require user interaction to initiate the update. Please see the below video from Apple Support that explains how to update your Apple device:
