Apple Responds to Exploited iOS Zero-Days with Emergency Security Updates

March 5, 2024

Apple has released crucial security updates to rectify two iOS zero-day vulnerabilities that have been exploited in attacks on iPhones. In an advisory issued on Tuesday, the company stated, "Apple is aware of a report that this issue may have been exploited." The two vulnerabilities were identified in the iOS Kernel (CVE-2024-23225) and RTKit (CVE-2024-23296). These vulnerabilities could provide attackers with arbitrary kernel read and write capabilities, enabling them to bypass kernel memory protections.

Apple has addressed these security flaws for devices running iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6 by enhancing input validation. The range of Apple devices impacted by these vulnerabilities is quite broad.

The company has not disclosed who reported the zero-days or whether they were uncovered internally. Although Apple has not released information about ongoing exploitation in the wild, it is known that iOS zero-day vulnerabilities are frequently utilized in state-sponsored spyware attacks against high-risk individuals, including journalists, opposition politicians, and dissidents.

While these zero-day vulnerabilities were probably only used in targeted attacks, it is strongly recommended to install the latest security updates promptly to prevent potential attack attempts. So far in 2024, Apple has fixed three zero-days, with the first one fixed in January. In the previous year, the company rectified a total of 20 zero-day flaws that were exploited in the wild.
