Dependency vulnerability alerts for iOS / Swift (advisory; requires confirmation).
# iOS / Swift security dependency alerts Dependency-related security advisories. These instructions MUST NOT automatically edit dependency files. Verb contract: WARN + CONFIRM + CHECK. No ALWAYS pinning or silent upgrades. ### CVE-2024-23296 — iOS RTKit memory corruption — actively exploited in the wild Context: Memory corruption in RTKit can allow arbitrary code execution through malformed messages to the real-time kernel. Actively exploited in the wild. Source: https://nvd.nist.gov/vuln/detail/CVE-2024-23296 WHEN you detect `iOS` in this project at a vulnerable version: WARN the developer: ⚠️ CVE-2024-23296: iOS may be vulnerable. Memory corruption in RTKit can allow arbitrary code execution through malformed messages to the real-time kernel. Actively exploited in the wild. Patched versions: iOS >=17.4 CHECK for dependency conflicts before proposing any upgrade: Run: `# check dependency tree for iOS` DO NOT modify dependency files without developer confirmation. WHEN the developer confirms they want to upgrade: 1. Show the dependency tree output and identify conflicts 2. Propose a migration plan (including breaking changes) before editing files 3. Only then apply the upgrade ---