Security News > 2024 > March > Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296)
Apple has fixed two iOS zero-day vulnerabilities exploited by attackers in the wild.
"Additional CVE entries [are] coming soon," Apple noted for both updates.
The iOS/iPadOS 15.8.2 update has currently no associated CVEs.
While it's usual for Apple to refrain from sharing any details about in-the-wild attacks leveraging their zero-days, they usually acknowledge the person/research team that reported them - but not this time.
Zero-days in iOS are often exploited by mobile spyware makers to saddle targets with malware capable of extracting sensitive data from their iPhones and to spy on conversations.
Still, with Apple having been forced to allow third-party app stores for iOS apps in Europe, malicious apps occasionally lurking on its App Store, and threat actors increasingly developing and looking for malware able to run on iOS and macOS, regularly updating your Apple devices is definitely becoming even more important.
News URL
https://www.helpnetsecurity.com/2024/03/06/cve-2024-23225-cve-2024-23296/
Related news
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (source)
- Apple's trademark tight lips extend to new iPhone, iPad zero-days (source)
- Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234) (source)
- CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040) (source)
- Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) (source)