Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS

Apple documents another zero-day flaw being exploited on older iPhones and documents security problems in macOS, iOS and iPadOS.

Apple patches vulnerabilities

Apple on Monday rolled out urgent security-themed updates to its flagship mobile and desktop operating systems and warned that hackers may have already exploited an iOS vulnerability in the wild.

Cupertino’s security response team documented at least 16 vulnerabilities on iPhones and iPads and called special attention to CVE-2024-23296, a memory corruption bug in RTKit that the company says “may have been exploited” prior to the availability of patches.

Apple RTKit is a real-time embedded OS that runs on almost all Apple devices and has been targeted in the past with exploits that bypass kernel memory protections. 

Apple said the bug was exploited on older iOS versions and shipped iOS 16.7.8 and iPadOS 16.7.8 with fixes. A patch has also been included in the latest macOS Ventura update.

The tech giant first mentioned CVE-2024-23296 in March, when it released iOS 17.4.

Separately, Apple documented 14 security defects in the newest iOS versions and warned that some of these issues could expose mobile users to code execution, data and privacy exposures, and system crashes.

The company also shipped security patches for all its desktop OSes — macOS Sonoma, macOS Ventura, and macOS Monterey — and warned that these flaws could lead to arbitrary code execution, privilege elevation and unauthorized data access. 

Related: Apple Blunts Zero-Day Attacks With iOS 17.4 Update

Advertisement. Scroll to continue reading.

Related: Microsoft Flags Ransomware Problems on Apple’s macOS

Related: Apple Security Flaw: How do ‘Zero-Click’ Attacks Work?

Related: Microsoft: macOS Trojan Becoming Stealthier, More Menacing

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights