Apple Rushes Out Security Updates to Address Exploited iOS Zero-Days

Giulio Saggin
Giulio Saggin
Wednesday 6 March 2024
Apple Rushes Out Security Updates to Address Exploited iOS Zero-Days
Photo: Jimmy Jin (unsplash)

Apple has taken swift action to address two zero-day vulnerabilities that have been actively exploited in attacks targeting iPhones. In response to these security concerns, the company issued emergency security updates.

In a statement released on Tuesday, Apple acknowledged the existence of the vulnerabilities and their exploitation. The two bugs, identified in the iOS Kernel (CVE-2024-23225) and RTKit (CVE-2024-23296), granted attackers the ability to bypass kernel memory protections, potentially enabling them to execute arbitrary code with kernel-level privileges.

To mitigate these risks, Apple has rolled out security patches for devices running iOS 17.4, iPadOS 17.4, iOS 16.76, and iPad 16.7.6. These updates include enhancements to input validation, aimed at fortifying the affected systems against potential attacks.

The impact of these vulnerabilities spans a wide range of Apple devices, including iPhones XS and later, iPhone 8, iPhone 8 Plus, iPhone X, various iPad models, and more.

As of now, Apple has not disclosed the source of the zero-day vulnerabilities nor confirmed whether they were identified internally or reported externally.

While there is no indication of widespread exploitation in the wild, it's worth noting that zero-day vulnerabilities in iOS are frequently exploited in targeted attacks, particularly against individuals at high risk, such as journalists, political figures, and activists.

Given the potential severity of these vulnerabilities, Apple urges users to apply the latest security updates promptly to safeguard their devices against potential exploitation.

This marks the third set of zero-day vulnerabilities addressed by Apple in 2024, following a similar action in January. In 2023, the company faced numerous zero-day vulnerabilities, totaling 20, which were exploited in the wild. These vulnerabilities were systematically addressed through a series of security updates throughout the year, underscoring Apple's commitment to protecting its users from evolving threats.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.


SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203