The WA SOC has been made aware of two new zerodays affecting Apple iOS and iPad. CISA has reported these vulnerabilities as known exploited.
As of publishing this advisory, CVSS scores have not been published.
Product(s) Affected | CVE | Severity | CVSS | Exploit exists | Dated |
---|---|---|---|---|---|
**versions before iOS 17.4, iPadOS 17.4 |
CVE-2024-23225 | TDB | 7.8 | Yes (Zero Day) | 7 Mar, 2024 |
CVE-2024-23296 | 7.8 | TBD | Yes (Zero Day) | 7 Mar, 2024 |
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month (refer Patch Management):