Apple emergency update fixes new zero-day used to hack iPhones
Apple released emergency security updates to patch a new zero-day security flaw exploited in attacks targeting iPhone and iPad users.
The zero-day is caused by a weakness discovered in the XNU kernel that enables local attackers to escalate privileges on unpatched iPhones and iPads.
CVE-2023-42824 is the 17th zero-day vulnerability exploited in attacks that Apple has fixed since the start of the year.
Citizen Lab disclosed two other zero-days, fixed by Apple last month, that were abused as part of a zero-click exploit chain to infect fully patched iPhones with NSO Group's Pegasus spyware.
Apple backports BLASTPASS zero-day fix to older iPhones.
Apple discloses 2 new zero-days exploited to attack iPhones, Macs.
Related news
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-04 | CVE-2023-42824 | Unspecified vulnerability in Apple iPadOS. The issue was addressed with improved checks. | 7.8 |