Tech giant Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones.

zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched.

The two bugs were found in the iOS Kernel (CVE-2024-23225) and RTKit (CVE-2024-23296), both allowing attackers with arbitrary kernel read and write capabilities to bypass kernel memory protections.

Buy Me A Coffee

he company says it addressed the security flaws for devices running iOS 17.4iPadOS 17.4iOS 16.76, and iPad 16.7.6 with improved input validation.

The list of impacted Apple devices is quite extensive, and it includes:

  • iPhone XS and later, iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
  • iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Apple has not shared who disclosed both zero-days or if they were discovered internally.

READ
Apple Might Reveal a New 'Passwords' App Next Week