HomeWinBuzzer NewsApple Patches Exploited Kernel Bug in Older iPhones and iPads

Apple Patches Exploited Kernel Bug in Older iPhones and iPads

Apple fixes a critical zero-day flaw (CVE-2024-23296) in older iPhones and iPads with iOS 16.7.8 update.


has extended security patches initially released in March to older iPhones and iPads, addressing an iOS Kernel zero-day vulnerability that has been exploited in attacks. The company has confirmed reports indicating that the flaw “may have been actively exploited.”

Memory Corruption Issue in RTKit

The vulnerability, identified as CVE-2024-23296, is a memory corruption issue in Apple's RTKit real-time operating system. This flaw allows attackers with arbitrary kernel read and write capabilities to bypass kernel memory protections. The identity of the security researcher who discovered the vulnerability has not been disclosed by Apple.

On March 5th, Apple addressed the zero-day vulnerability for newer models of , iPad, and Mac. The company has now extended these security updates to older devices, including iPhone 8, iPhone 8 Plus, , iPad 5th generation, 9.7-inch, and iPad Pro 12.9-inch 1st generation. The updates, which are now available for iOS 16.7.8, 16.7.8, and macOS Ventura 13.6.7, include improved input validation to mitigate the issue.

Three Zero-Days Patched in 2024

Since the beginning of the year, Apple has fixed three zero-day vulnerabilities. Two were addressed in March (CVE-2024-23225 and CVE-2024-23296) and one in January (CVE-2024-23222). In January, Apple also backported patches for two WebKit zero-days (CVE-2023-42916 and CVE-2023-42917), which were initially patched in November for newer devices.

Additional Vulnerabilities Addressed

Apple documents at least 16 vulnerabilities on iPhones and iPads and called special attention to CVE-2024-23296, a memory corruption bug in RTKit that the company says “may have been exploited” prior to the availability of patches. The Real-Time Kernel is a component of the operating system responsible for managing and executing tasks with strict timing requirements.

The company also addressed a logic issue, tracked as CVE-2024-27789, in the Foundation framework. The flaw can be exploited by an app to access user-sensitive data. This flaw was reported by security researcher Mickey Jin (@patch1t), and Apple addressed the vulnerability with improved checks.

Security Implications and User Recommendations

Although Apple has not released specific details regarding the exploitation of CVE-2024-23296, iOS zero-days are often used in state-sponsored spyware attacks targeting high-risk individuals such as journalists, dissidents, and opposition politicians. While the zero-day was likely used in targeted attacks, users of older iPhone or iPad models are strongly advised to install the latest security updates to prevent potential attacks.

In addition to these patches, the latest iOS 17.5 update includes support for unwanted tracking alerts. These alerts notify users if Bluetooth tracking devices, such as AirTags or other compatible trackers, are being used to track their location.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.