Apple Backports Security Patches to Older iPhones and iPads Amid Active Exploitation of Zero-Day

May 13, 2024

Apple has recently applied security patches to older models of iPhones and iPads, addressing a zero-day vulnerability that was reportedly being exploited in targeted attacks. The vulnerability in question is a memory corruption issue in Apple's RTKit real-time operating system, which could potentially allow threat actors to bypass kernel memory protections.

The tech giant has not yet credited the discovery of this security flaw to any security researcher. The zero-day vulnerability, tracked as CVE-2024-23296, was initially addressed by Apple on March 5th for newer models of iPhones, iPads, and Macs. The recent security updates, which have been backported to address this security flaw on iOS 16.7.8, iPadOS 16.7.8, and macOS Ventura 13.6.7, include improved input validation.

Devices that have received the patch include iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation. Apple has not yet revealed who discovered the zero-day or whether it was found internally. Moreover, the company has not provided any details about the nature of the attacks that exploited this vulnerability in the wild.

It is common for iOS zero-days to be used in state-sponsored spyware attacks targeting high-risk individuals such as journalists, dissidents, and opposition politicians. While this particular zero-day was likely used only in targeted attacks, users of older iPhone or iPad models are strongly advised to install the latest security updates as soon as possible to prevent potential attack attempts.

Since the beginning of the year, Apple has addressed three zero-days: two in March (CVE-2024-23225 and CVE-2024-23296) and one in January (CVE-2024-23222). In addition, Apple backported patches for two WebKit zero-days (CVE-2023-42916 and CVE-2023-42917) in January, which were initially patched in November for newer devices.

With the latest iOS 17.5 update, Apple has also introduced support for unwanted tracking alerts. Similar to a feature recently launched by Google on Android 6.0+ devices, these alerts will warn users if Bluetooth tracking devices (such as AirTag, Find My accessory, or other compatible Bluetooth trackers) are being used to track their location.

Related News

• Apple Releases Details on Security Bug Allowing Remote Code Execution
• CISA Lists Apple iOS and iPadOS Memory Corruption Bugs in its Known Exploited Vulnerabilities Catalog
• Apple Responds to Exploited iOS Zero-Days with Emergency Security Updates
• Apple Shortcuts Zero-Click Vulnerability Enables Covert Data Theft
• Apple Addresses Vision Pro Security Flaw, CISA Highlights iOS Vulnerability Exploitation

Latest News

• QakBot Malware Attacks Exploiting Windows Zero-Day Vulnerability Addressed by Microsoft
• Microsoft's May 2024 Patch Tuesday Addresses 61 Vulnerabilities Including 3 Zero-Days
• Google Scrambles to Patch Chrome Zero-Day Vulnerabilities Allowing Sandbox Escape
• Apple Patches Safari WebKit Zero-Day Exploit Uncovered at Pwn2Own
• VMware Patches Trio of Zero-Day Vulnerabilities Exposed at Pwn2Own 2024