Apple addresses two new zero-day flaws in iOS

Emergency security update available for newest versions

Owners of some of the newest iphones advised to update them at the earliest opportunity

Owners of some of the newest iphones on the market are advised to update them as soon as possible, as Apple has released security updates to address two new, zero-day vulnerabilities.

Devices running running iOS 17.4, iPadOS 17.4, iOS 16.76, and iPad 16.7.6 are all affected.

As first reported by Bleeping Computer, Apple issued an advisory yesterday, confirming its awareness that these new vulnerabilities are possibly already being exploited.

The advisory provided CVE numbers for both flaws (CVE-2024-23225 and CVE-2024-23296) which are in the iOS Kernel and RTKit, and allow hackers with arbitrary kernel read and write capabilities to bypass kernel memory protections.

Apple hasn't yet disclosed the severity of the flaws, or which organisation or person discovered them, but has recommended that own owners of the following devices download these security updates as soon as possible:

• iPhone XS and later, iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
• iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Previous iOS zero-day vulnerabilities have been used in state-sponsored spyware attacks against high-risk individuals, such as journalists, opposition politicians, and dissidents.