Actively Exploited Apple Zero-Day Affects iPhone Kernel

  /     /     /  
Publicated : 23/11/2024   Category : security

Actively Exploited Apple Zero-Day Affects iPhone Kernel


Apple has issued an emergency fix for the latest exploited zero-day bug found affecting its software in 2023 — a list that also includes the Operation Triangulation spyware flaws.


Apple has addressed multiple security vulnerabilities in an emergency patch drop, one of which is a zero-day vulnerability tracked as CVE-2023-38606 being actively exploited in the wild.
This is the latest resolved zero-day bug in a series of
11 such flaws affecting its software in 2023
alone. In its advisory, 
the company noted
 that the vulnerability can be exploited on iPhones and iPads by an app that may have malicious intentions to potentially modify the sensitive kernel state.
It also stated that this vulnerability was addressed with improved state management, and that Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
Five Kaspersky security researchers were credited with finding the flaw; that team also earlier this year discovered a series of Apple zero-day flaws connected to
Operation Triangulation
, a sophisticated iOS cyberespionage spy campaign that proved to be ongoing since 2019. The three relevant vulnerabilities — used to deploy TriangleDB spying implants on iOS devices — are known as
CVE-2023-46690

CVE-2023-32434
, and 
CVE-2023-32439
.
The latest patches are available for multiple Apple products, including the iPhone 8 and later, all iPad Pro models, and the iPad Air 3rd generation, iPad 5th generation, and iPad mini 5th generation and later.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Actively Exploited Apple Zero-Day Affects iPhone Kernel