Security News > 2024 > March > Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296)
Apple has fixed two iOS zero-day vulnerabilities exploited by attackers in the wild.
"Additional CVE entries [are] coming soon," Apple noted for both updates.
The iOS/iPadOS 15.8.2 update has currently no associated CVEs.
While it's usual for Apple to refrain from sharing any details about in-the-wild attacks leveraging their zero-days, they usually acknowledge the person/research team that reported them - but not this time.
Zero-days in iOS are often exploited by mobile spyware makers to saddle targets with malware capable of extracting sensitive data from their iPhones and to spy on conversations.
Still, with Apple having been forced to allow third-party app stores for iOS apps in Europe, malicious apps occasionally lurking on its App Store, and threat actors increasingly developing and looking for malware able to run on iOS and macOS, regularly updating your Apple devices is definitely becoming even more important.
News URL
https://www.helpnetsecurity.com/2024/03/06/cve-2024-23225-cve-2024-23296/
Related news
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices (source)
- Apple backports zero-day patches to older iPhones and Macs (source)
- Apple Rolls Out iOS 18.4 With New Languages, Emojis & Apple Intelligence in the EU (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- ⚡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More (source)