Security News > 2023 > June > Apple patch fixes zero-day kernel hole reported by Kaspersky – update now!
Right at the start of June 2023, well-known Russian cybersecurity outfit Kaspersky reported on a previously unknown strain of iPhone malware.
Typically, iPhone malware that can compromise an entire device not only violates Apple's strictures about software downloads being restricted to the "Walled garden" of Apple's own App Store, but also bypasses Apple's much vaunted app separation, which is supposed to limit the reach of each app to a "Walled garden" of its own, containing only the data collected by that app itself.
That's because the kernel is responsible for all the "Walled gardening" protection applied to the device.
Therefore pwning the kernel generally means that attackers get to sidestep many or most of the security controls on the device altogether, resulting in the broadest and most dangerous sort of compromise.
Intriguingly, although Apple states no more than that the kernel zero-day "May have been exploited on iOS before version 15.7".
Every updated system, including watchOS and all three supported flavours of macOS, has been patched against this very kernel hole.
News URL
Related news
- Apple backports zero-day patches to older iPhones and Macs (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- Emergency patch for potential SAP zero-day that could grant full system control (source)
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
- Patch Tuesday: Microsoft fixes 5 actively exploited zero-days (source)