Actively Exploited Apple Zero-Day Affects iPhone Kernel

  /     /     /  
Publicated : 23/11/2024   Category : security


Actively Exploited Apple Zero-Day Affects iPhone Kernel


Apple has issued an emergency fix for the latest exploited zero-day bug found affecting its software in 2023 — a list that also includes the Operation Triangulation spyware flaws.



Apple has addressed multiple security vulnerabilities in an emergency patch drop, one of which is a zero-day vulnerability tracked as CVE-2023-38606 being actively exploited in the wild.
This is the latest resolved zero-day bug in a series of
11 such flaws affecting its software in 2023
alone. In its advisory, 
the company noted
 that the vulnerability can be exploited on iPhones and iPads by an app that may have malicious intentions to potentially modify the sensitive kernel state.
It also stated that this vulnerability was addressed with improved state management, and that Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
Five Kaspersky security researchers were credited with finding the flaw; that team also earlier this year discovered a series of Apple zero-day flaws connected to
Operation Triangulation
, a sophisticated iOS cyberespionage spy campaign that proved to be ongoing since 2019. The three relevant vulnerabilities — used to deploy TriangleDB spying implants on iOS devices — are known as
CVE-2023-46690

CVE-2023-32434
, and 
CVE-2023-32439
.
The latest patches are available for multiple Apple products, including the iPhone 8 and later, all iPad Pro models, and the iPad Air 3rd generation, iPad 5th generation, and iPad mini 5th generation and later.

Last News

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Actively Exploited Apple Zero-Day Affects iPhone Kernel