Article Details

Apple backports fix for RTKit iOS zero-day to older iPhones. Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. In security advisories published today, Apple once again said they're aware of reports that this vulnerability "may have been actively exploited." The flaw is a memory corruption issue in Apple's RTKit real-time operating system that enables attackers with arbitrary kernel read and write capability to bypass kernel memory protections. The company has not yet attributed the discovery of this security vulnerability to a security researcher. On March 5th, the company addressed the zero-day vulnerability (tracked as CVE-2024-23296) for newer iPhone, iPad, and Mac models. Today, Apple backported the March security updates to address this security flaw on iOS 16.7.8, iPadOS 16.7.8, and macOS Ventura 13.6.7 with improved input validation. The list of devices patched today includes iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation. Three zero-days exploited in attacks patched in 2024 Apple has yet to disclose who disclosed the zero-day or whether it was discovered internally, and it has provided no information on the nature of the attacks exploiting it in the wild. Even though Apple has not released details regarding CVE-2024-23296 exploitation, iOS zero-days are commonly used in state-sponsored spyware attacks targeting high-risk individuals, including journalists, dissidents, and opposition politicians. While this zero-day was likely only used in targeted attacks, it is highly advised to install today's security updates as soon as possible to block potential attack attempts if you're using an older iPhone or iPad model. Since the start of the year, Apple has fixed three zero-days: two in March (CVE-2024-23225 and CVE-2024-23296) and one in January (CVE-2024-23222). In January, Apple also backported patches for two WebKit zero-days (CVE-2023-42916 and CVE-2023-42917), which were patched in November for newer devices. With today's iOS 17.5 update, Apple has also added support for unwanted tracking alerts (Google launched the same capability on Android 6.0+ devices). These alerts will warn users if Bluetooth tracking devices (AirTag, Find My accessory, or other industry specification-compatible Bluetooth tracker) are being used to track their location.