Apple emergency update fixes new zero-day used to hack iPhones

Apple released emergency security updates to patch a new zero-day security flaw exploited in attacks targeting iPhone and iPad users.
The zero-day is caused by a weakness discovered in the XNU kernel that enables local attackers to escalate privileges on unpatched iPhones and iPads.
CVE-2023-42824 is the 17th zero-day vulnerability exploited in attacks that Apple has fixed since the start of the year.
Citizen Lab disclosed two other zero-days, fixed by Apple last month, that were abused as part of a zero-click exploit chain to infect fully patched iPhones with NSO Group's Pegasus spyware.
Apple backports BLASTPASS zero-day fix to older iPhones.
Apple discloses 2 new zero-days exploited to attack iPhones, Macs.
Related news
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- Apple backports zero-day patches to older iPhones and Macs (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) (source)
- Serbian police used Cellebrite zero-day hack to unlock Android phones (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Update Your iPhone Now to Fix Safari Security Flaw (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-04 | CVE-2023-42824 | Unspecified vulnerability in Apple iPadOS. The issue was addressed with improved checks. | 7.8 |