Cupertino, California – Apple has urgently released security updates to address two zero-day vulnerabilities in iOS that have been exploited in attacks on iPhones.
The vulnerabilities, found in the iOS Kernel (CVE-2024-23225) and RTKit (CVE-2024-23296), allowed attackers to bypass kernel memory protections by granting them arbitrary read and write capabilities. Apple has swiftly responded by issuing patches for devices running iOS 17.4, iPadOS 17.4, iOS 16.76, and iPad 16.7.6, implementing improved input validation protocols.
A wide range of Apple devices are affected by these vulnerabilities, including various iPhone and iPad models. While the identity of those who reported the zero-days remains undisclosed, Apple has not revealed whether the vulnerabilities were discovered internally.
Although Apple has not confirmed any ongoing exploitation, it is worth noting that zero-day vulnerabilities in iOS are frequently utilized in state-sponsored spyware attacks targeting individuals like journalists, opposition politicians, and dissidents.
Given the potential risks posed by these vulnerabilities, it is highly recommended that users install the security updates promptly to mitigate any possible attack attempts. This marks the third zero-day fixed by Apple in 2024, following the first one addressed in January.
In the previous year, Apple addressed a total of 20 zero-day vulnerabilities that were exploited in the wild, highlighting the importance of prompt action to safeguard users’ devices. While the company continues to enhance its security measures, staying vigilant and proactive in updating devices is crucial in maintaining cybersecurity.