iPhone again under 0day-sight: Apple hastily closes holes in iOS

Upgrade your devices to avoid becoming another victim of hackers.

Apple has released emergency security updates to address two zero-day vulnerabilities in iOS that have already been exploited in real attacks on the iPhone. The company announced this on March 5 in a separate security advisory.

The vulnerabilities were discovered in the iOS kernel (CVE-2024-23225) and RTKit (CVE-2024-23296), but the CVSS rating for them has not yet been determined. Both vulnerabilities allow attackers with arbitrary read and write capabilities in the kernel to bypass kernel memory protection.

Apple has fixed these issues for devices running on iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6 by improving input validation. The list of affected Apple devices includes iPhone XS and newer models, iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch and iPad Pro 12.9-inch 1st generation, as well as later versions of these devices and other iPad and iPad mini models.

While Apple did not provide information on specific exploitation of the vulnerabilities "in the wild," such vulnerabilities are often exploited in state-sponsored spyware, such as Pegasus from the Israeli company NSO Group. Such software is usually used to attack journalists, opposition politicians, and dissidents.

It is recommended that you install the security updates as soon as possible to reduce the risk, even considering the possibility that these vulnerabilities were only used in targeted attacks.

This year, Apple has already fixed 3 zero-day vulnerabilities, the first of which was closed in January. Last year, the company fixed 20 such vulnerabilities.
 