ios-security-deps-v1Certifiedv1.0.0

iOS / Swift security dependency alerts

Dependency vulnerability alerts for iOS / Swift (advisory; requires confirmation).

Protects against

Rule body

Rule body
# iOS / Swift security dependency alerts

Dependency-related security advisories. These instructions MUST NOT automatically edit dependency files.

Verb contract: WARN + CONFIRM + CHECK. No ALWAYS pinning or silent upgrades.

### CVE-2024-23296 — iOS RTKit memory corruption — actively exploited in the wild

Context: Memory corruption in RTKit can allow arbitrary code execution through malformed messages to the real-time kernel. Actively exploited in the wild.
Source: https://nvd.nist.gov/vuln/detail/CVE-2024-23296

WHEN you detect `iOS` in this project at a vulnerable version:

WARN the developer: ⚠️ CVE-2024-23296: iOS may be vulnerable. Memory corruption in RTKit can allow arbitrary code execution through malformed messages to the real-time kernel. Actively exploited in the wild. Patched versions: iOS >=17.4

CHECK for dependency conflicts before proposing any upgrade:
Run: `# check dependency tree for iOS`

DO NOT modify dependency files without developer confirmation.

WHEN the developer confirms they want to upgrade:
1. Show the dependency tree output and identify conflicts
2. Propose a migration plan (including breaking changes) before editing files
3. Only then apply the upgrade

---