Apple on Monday rolled out urgent security-themed updates to its flagship mobile and desktop operating systems and warned that hackers may have already exploited an iOS vulnerability in the wild.
Cupertino’s security response team documented at least 16 vulnerabilities on iPhones and iPads and called special attention to CVE-2024-23296, a memory corruption bug in RTKit that the company says “may have been exploited” prior to the availability of patches.
Apple RTKit is a real-time embedded OS that runs on almost all Apple devices and has been targeted in the past with exploits that bypass kernel memory protections.
Apple said the bug was exploited on older iOS versions and shipped iOS 16.7.8 and iPadOS 16.7.8 with fixes. A patch has also been included in the latest macOS Ventura update.
The tech giant first mentioned CVE-2024-23296 in March, when it released iOS 17.4.
Separately, Apple documented 14 security defects in the newest iOS versions and warned that some of these issues could expose mobile users to code execution, data and privacy exposures, and system crashes.
The company also shipped security patches for all its desktop OSes — macOS Sonoma, macOS Ventura, and macOS Monterey — and warned that these flaws could lead to arbitrary code execution, privilege elevation and unauthorized data access.
Related: Apple Blunts Zero-Day Attacks With iOS 17.4 Update
Related: Microsoft Flags Ransomware Problems on Apple’s macOS
Related: Apple Security Flaw: How do ‘Zero-Click’ Attacks Work?
Related: Microsoft: macOS Trojan Becoming Stealthier, More Menacing
