Apple issued two emergency patches (iOS 17.4) for iPhone zero-days on March 5 that the company said in an advisory may have been exploited in the wild.Security pros said it was a serious issue because nation-state threat actors tend to exploit iOS zero-days to launch spyware attacks on high-risk individuals such as journalists, opposition politicians, and dissidents.“While it was not mentioned whether these exploits were used by commercial spyware vendors, I believe there’s a high probability this is the case, given the high value of such exploits,” said Ken Westin, Field CISO at Panther Labs. “These types of exploits are utilized by commercial spyware vendors that provide their technology and services to nation-states, supposedly to target criminals; however, they are often misused to target dissidents and journalists.”The first zero-day — CVE-2024-23225 — was in the iOS Kernel, while the second zero-day — CVE-2024-23296 — was in the RTKit. Apple said that in both cases an attacker with arbitrary kernel read-and-write capability could potentially bypass kernel memory protections.For the Kernel, patches are now available for the following devices: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.And for the RTKit, patches are now available for the following devices: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.Apple did not disclose the name of the researcher who found the two zero-day bugs. With the patches of the two bugs, Apple has fixed three zero-days in 2024 — the first happening in January.Being able to bypass kernel memory protections, along with having read and write privileges, is as serious as it gets, said John Gallagher, vice president of Viakoo Labs. Gallagher added that Apple has effective patching mechanisms in place and that in other types of devices (particularly IoT), this could have long-lasting and devastating consequences.“These iOS zero-day vulnerabilities are not just for state-sponsored spyware attacks, such as Pegasus,” said Gallagher. “Any threat actor aiming for stealth will want to leverage zero-day exploits, especially in highly used devices, such as smartphones, or high impact systems, such as IoT devices and applications.”
Vulnerability Management, Endpoint/Device Security, Patch/Configuration Management
Apple’s 17.4 emergency update patches two iPhone zero-days

Emergency updates for iPhones were issued by Apple on March 5. (Photo by Jakub Porzycki/NurPhoto via Getty Images)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



