Apple warns about iOS zero-day exploit

Apple has issued a fix for a vulnerability affecting older iPhones, adding that the RTKit iOS zero-day bug may have already been exploited.

The vulnerability, tracked as CVE-2024-23296, affects older Apple devices such as iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.

According to Apple’s advisory, the bug is a memory corruption issue, which allows attackers with arbitrary kernel read and write capability to bypass kernel memory protections.

“Apple is aware of a report that this issue may have been exploited,” reads the tech behemoths’ security advisory.

The vulnerability impacts RealtimeKit (RTKit), the operating system component that’s responsible for executing and managing processes with elevated timing requirements.

Apple’s advisory also mentioned a fix for a bug that impacts the Foundation framework, which provides protocols and functions for developing software.

The company said the bug, discovered by security researcher Mickey Jin, was a logic issue and could have allowed apps to access user-sensitive data.