San Francisco, CA – Apple has released security updates for various operating systems, including iOS, iPadOS, macOS Sequoia, tvOS, and visionOS, in response to two security vulnerabilities actively exploited in the wild. These vulnerabilities include a memory corruption flaw in the Core Audio framework and a vulnerability in the RPAC component that could allow attackers to bypass Pointer Authentication.
The company addressed the memory corruption vulnerability by enhancing bounds checking and removed the vulnerable section of code to mitigate the RPAC component vulnerability. Both vulnerabilities have been attributed to Apple, with Google Threat Analysis Group (TAG) credited for reporting one of them.
Apple acknowledged that these issues have been exploited in highly sophisticated attacks targeting specific individuals using iOS. These security updates mark the company’s response to a total of five actively exploited zero-day vulnerabilities this year, including a use-after-free bug in the Core Media component and an out-of-bounds write issue in the WebKit component.
The security updates are available for a range of devices, including iPhone XS and later, iPad Pro models, Macs running macOS Sequoia, Apple TV models, and Apple Vision Pro. Users are strongly advised to update their devices to the latest software versions to protect against potential risks associated with these vulnerabilities.
Overall, Apple’s swift response to these security flaws underscores the company’s commitment to addressing potential threats and enhancing the security of its devices and operating systems. As cyber threats continue to evolve, timely and effective security updates are crucial to safeguarding user data and privacy. Stay informed and proactive by keeping your devices up to date with the latest software releases.