Security News > 2024 > March > Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296)
Apple has fixed two iOS zero-day vulnerabilities exploited by attackers in the wild.
"Additional CVE entries [are] coming soon," Apple noted for both updates.
The iOS/iPadOS 15.8.2 update has currently no associated CVEs.
While it's usual for Apple to refrain from sharing any details about in-the-wild attacks leveraging their zero-days, they usually acknowledge the person/research team that reported them - but not this time.
Zero-days in iOS are often exploited by mobile spyware makers to saddle targets with malware capable of extracting sensitive data from their iPhones and to spy on conversations.
Still, with Apple having been forced to allow third-party app stores for iOS apps in Europe, malicious apps occasionally lurking on its App Store, and threat actors increasingly developing and looking for malware able to run on iOS and macOS, regularly updating your Apple devices is definitely becoming even more important.
News URL
https://www.helpnetsecurity.com/2024/03/06/cve-2024-23225-cve-2024-23296/
Related news
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)
- Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474) (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- Microsoft fixes exploited zero-day (CVE-2024-49138) (source)