Security News > 2024 > May > Apple backports fix for RTKit iOS zero-day to older iPhones

Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks.
Today, Apple backported the March security updates to address this security flaw on iOS 16.7.8, iPadOS 16.7.8, and macOS Ventura 13.6.7 with improved input validation.
Apple has yet to disclose who disclosed the zero-day or whether it was discovered internally, and it has provided no information on the nature of the attacks exploiting it in the wild.
Even though Apple has not released details regarding CVE-2024-23296 exploitation, iOS zero-days are commonly used in state-sponsored spyware attacks targeting high-risk individuals, including journalists, dissidents, and opposition politicians.
In January, Apple also backported patches for two WebKit zero-days, which were patched in November for newer devices.
With today's iOS 17.5 update, Apple has also added support for unwanted tracking alerts.
News URL
Related news
- Apple backports zero-day patches to older iPhones and Macs (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Global Pressure Mounts for Apple as Brazilian Court Demands iOS Sideloading Within 90 Days (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices (source)
- Apple Rolls Out iOS 18.4 With New Languages, Emojis & Apple Intelligence in the EU (source)
- Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-05 | CVE-2024-23296 | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved validation. | 7.8 |