ONGC Systems

Security Alert: CVE-2024-23225 and CVE-2024-23296

Please note that two new vulnerabilities have been discovered that affects Apple devices running iOS and iPadOS. These vulnerabilities can be exploited by malicious actors to gain unauthorised access, compromise sensitive data, or disrupt normal operations.

Vulnerability NameCVE-2024-23225 and CVE-2024-23296
SeverityCRITICAL
CVSS9.8
Affected ProductsApple iPhone and Apple iPad

Description:

CVE-2024-23225 – A memory corruption issue in Kernel (the computer program at the core of the computer’s operating system). An attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections.
CVE-2024-23296 – A memory corruption issue in the RTKit real-time operating system (RTOS) that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections.

What this means for all ONGC Customers:

We urge all ONGC customers to update their iPhones and/or iPads as soon as possible. In most cases, Apple devices are not managed by ONGC and therefore require user interaction to initiate the update. Please see the below video from Apple Support that explains how to update your Apple device:

Exit mobile version