Security News > 2023 > June > Apple patch fixes zero-day kernel hole reported by Kaspersky – update now!
Right at the start of June 2023, well-known Russian cybersecurity outfit Kaspersky reported on a previously unknown strain of iPhone malware.
Typically, iPhone malware that can compromise an entire device not only violates Apple's strictures about software downloads being restricted to the "Walled garden" of Apple's own App Store, but also bypasses Apple's much vaunted app separation, which is supposed to limit the reach of each app to a "Walled garden" of its own, containing only the data collected by that app itself.
That's because the kernel is responsible for all the "Walled gardening" protection applied to the device.
Therefore pwning the kernel generally means that attackers get to sidestep many or most of the security controls on the device altogether, resulting in the broadest and most dangerous sort of compromise.
Intriguingly, although Apple states no more than that the kernel zero-day "May have been exploited on iOS before version 15.7".
Every updated system, including watchOS and all three supported flavours of macOS, has been patched against this very kernel hole.
News URL
Related news
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- OpenPaX: Open-source kernel patch that mitigates memory safety errors (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)