Security News > 2023 > October > Apple emergency update fixes new zero-day used to hack iPhones
2023-10-04 18:19
Apple released emergency security updates to patch a new zero-day security flaw exploited in attacks targeting iPhone and iPad users.
The zero-day is caused by a weakness discovered in the XNU kernel that enables local attackers to escalate privileges on unpatched iPhones and iPads.
CVE-2023-42824 is the 17th zero-day vulnerability exploited in attacks that Apple has fixed since the start of the year.
Citizen Lab disclosed two other zero-days-fixed by Apple last month-abused as part of a zero-click exploit chain to infect fully patched iPhones with NSO Group's Pegasus spyware.
Apple backports BLASTPASS zero-day fix to older iPhones.
Apple discloses 2 new zero-days exploited to attack iPhones, Macs.
News URL
Related news
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- Apple fixes this year’s first actively exploited zero-day bug (source)
- SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac, iPad Silicon (source)
- Week in review: Apple 0-day used to target iPhones, DeepSeek’s popularity exploited by scammers (source)
- First Apple-notarized porn app available to iPhone users in Europe (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-04 | CVE-2023-42824 | Unspecified vulnerability in Apple Ipados The issue was addressed with improved checks. | 7.8 |