Apple revealed insights on the recent updates that were rolled out for iOS and iPadOS 17.4.1.
A Dire Vulnerability
This newly identified zero-day bug, known as CVE-2024-1580, has been hiding within the Apple’s most popular devices, including the iPhone XS and the following models (basically almost if not all iPhones from 2018 until now), as well as various iterations of the iPad Pro, iPad Air, and iPad Mini.
In essence, a significant segment of Apple’s user base finds itself in the crosshairs of this security loophole.
CVE-2024-1580 can be defined as an out-of-bounds write vulnerability, found within the dav1d AV1 decoding library. This vulnerability affected Apple’s Core Media and WebRTC components, and it could allow a remote attacker to execute arbitrary code on the infected devices.
Mitigating the Threat Across the Ecosystem
This week, Apple rolled out additional updates targeting CVE-2024-1580. The updates were applied to the Safari web browser, macOS versions Sonoma and Ventura, and the visionOS software, designed for theVision Pro headset.
The discovery of this vulnerability was credited to Nick Galloway a member of Google’s Project Zero team, dedicated to identifying security vulnerabilities.
In Conclusion
Update to latest & stay safe!
Photo credit: Victollio via Getty Images