Apple Responds to Exploited iOS Zero-Days with Emergency Security Updates
March 5, 2024
Apple has released crucial security updates to rectify two iOS zero-day vulnerabilities that have been exploited in attacks on iPhones. In an advisory issued on Tuesday, the company stated, "Apple is aware of a report that this issue may have been exploited." The two vulnerabilities were identified in the iOS Kernel (CVE-2024-23225) and RTKit (CVE-2024-23296). These vulnerabilities could provide attackers with arbitrary kernel read and write capabilities, enabling them to bypass kernel memory protections.
Apple has addressed these security flaws for devices running iOS 17.4, iPadOS 17.4, iOS 16.76, and iPad 16.7.6 by enhancing input validation. The range of Apple devices impacted by these vulnerabilities is quite broad.
The company has not disclosed who reported the zero-days or whether they were uncovered internally. Although Apple has not released information about ongoing exploitation in the wild, it is known that iOS zero-day vulnerabilities are frequently utilized in state-sponsored spyware attacks against high-risk individuals, including journalists, opposition politicians, and dissidents.
While these zero-day vulnerabilities were probably only used in targeted attacks, it is strongly recommended to install the latest security updates promptly to prevent potential attack attempts. So far in 2024, Apple has fixed three zero-days, with the first one fixed in January. In the previous year, the company rectified a total of 20 zero-day flaws that were exploited in the wild.
Latest News
- CISA Lists Windows Kernel Bug Exploited by Lazarus Group in its Known Exploited Vulnerabilities Catalog
- Critical Vulnerabilities in TeamCity Pose Threat to Software Supply Chain
- Critical Exploit for TeamCity Auth Bypass Bug Available: Immediate Patching Recommended
- North Korean APT Group Kimsuky Exploits ScreenConnect Vulnerabilities to Deploy New ToddleShark Malware
- Phobos Ransomware Targets U.S. Critical Infrastructure: Government Agencies Issue Warning
Like what you see?
Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.