Apple emergency update fixes new zero-day used to hack iPhones
2023-10-04 18:19

Apple released emergency security updates to patch a new zero-day security flaw exploited in attacks targeting iPhone and iPad users.

The zero-day is caused by a weakness discovered in the XNU kernel that enables local attackers to escalate privileges on unpatched iPhones and iPads.

CVE-2023-42824 is the 17th zero-day vulnerability exploited in attacks that Apple has fixed since the start of the year.

Citizen Lab disclosed two other zero-days (fixed by Apple last month) that were abused as part of a zero-click exploit chain to infect fully patched iPhones with NSO Group's Pegasus spyware.

Apple backports BLASTPASS zero-day fix to older iPhones.

Apple discloses 2 new zero-days exploited to attack iPhones, Macs.


News URL

https://www.bleepingcomputer.com/news/apple/apple-emergency-update-fixes-new-zero-day-used-to-hack-iphones/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-04 | CVE-2023-42824 | Unspecified vulnerability in Apple iPadOS. The issue was addressed with improved checks. (local, low complexity, apple) | 7.8 |

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Apple | | 72 | 238 | 1567 | 2279 | 265 | 4349 |