Security News > 2023 > October > Apple emergency update fixes new zero-day used to hack iPhones
2023-10-04 18:19
Apple released emergency security updates to patch a new zero-day security flaw exploited in attacks targeting iPhone and iPad users.
The zero-day is caused by a weakness discovered in the XNU kernel that enables local attackers to escalate privileges on unpatched iPhones and iPads.
CVE-2023-42824 is the 17th zero-day vulnerability exploited in attacks that Apple has fixed since the start of the year.
Citizen Lab disclosed two other zero-days-fixed by Apple last month-abused as part of a zero-click exploit chain to infect fully patched iPhones with NSO Group's Pegasus spyware.
Apple backports BLASTPASS zero-day fix to older iPhones.
Apple discloses 2 new zero-days exploited to attack iPhones, Macs.
News URL
Related news
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Fraudsters imprisoned for scamming Apple out of 6,000 iPhones (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-04 | CVE-2023-42824 | Unspecified vulnerability in Apple Ipados The issue was addressed with improved checks. | 7.8 |