Security News > 2024 > March > Apple fixes two new iOS zero-days exploited in attacks on iPhones
Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones.
The company says it addressed the security flaws for devices running iOS 17.4, iPadOS 17.4, iOS 16.76, and iPad 16.7.6 with improved input validation.
While Apple has not released information regarding ongoing exploitation in the wild, iOS zero-day vulnerabilities are commonly used in state-sponsored spyware attacks against high-risk individuals, such as journalists, opposition politicians, and dissidents.
With these two vulnerabilities, Apple has fixed three zero-days so far in 2024, with the first in January.
Three more zero-days in May. two zero-days in April.
Apple fixes first zero-day bug exploited in attacks this year.
News URL
Related news
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)