Security News > 2024 > March > Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296)

Apple has fixed two iOS zero-day vulnerabilities exploited by attackers in the wild.
"Additional CVE entries [are] coming soon," Apple noted for both updates.
The iOS/iPadOS 15.8.2 update has currently no associated CVEs.
While it's usual for Apple to refrain from sharing any details about in-the-wild attacks leveraging their zero-days, they usually acknowledge the person/research team that reported them - but not this time.
Zero-days in iOS are often exploited by mobile spyware makers to saddle targets with malware capable of extracting sensitive data from their iPhones and to spy on conversations.
Still, with Apple having been forced to allow third-party app stores for iOS apps in Europe, malicious apps occasionally lurking on its App Store, and threat actors increasingly developing and looking for malware able to run on iOS and macOS, regularly updating your Apple devices is definitely becoming even more important.
News URL
https://www.helpnetsecurity.com/2024/03/06/cve-2024-23225-cve-2024-23296/
Related news
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) (source)
- Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968) (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)
- A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) (source)
- Global Pressure Mounts for Apple as Brazilian Court Demands iOS Sideloading Within 90 Days (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)