Apple just fixed two major iPhone security flaws — install these emergency updates now

iPhone 15 Pro Max shown in hand
(Image credit: Tom's Guide)

The best iPhones are in need of an update as Apple has released a series of emergency security updates to fix two new zero-day vulnerabilities.

As reported by BleepingComputer, the iPhone maker revealed in an advisory that it is aware that these two new zero-day flaws may have already been exploited by hackers in their attacks. 

Still though, Apple is playing things close to the chest for now to give users time to update their devices and while we have Common Vulnerability and Exposures (CVE) numbers for both flaws, we don’t yet know how severe they are or who discovered them. 

What we do know though is that the first zero-day (tracked as CVE-2024-23225) was found in the iOS kernel and could be abused by an attacker with kernel read and write capabilities to bypass kernel memory protections. Likewise, the second zero-day (tracked as CVE-2024-23296) was found in Apple’s RTKitOS which runs on every Apple chip or embedded device. If exploited by an attacker with kernel read and write capabilities, this zero-day could be used to bypass kernel memory protections too.

Like with other recent iOS zero-days, these two were probably used by state-sponsored hackers to target politicians, journalists and other high-profile individuals. Still, it’s highly recommended that you download these new emergency security updates and install them right away to avoid any potential cyberattacks.

Impacted Apple devices

iPad Pro 2022

(Image credit: Tom's Guide)

These two new zero-day flaws affect a number of different Apple devices ranging from iPhones to the best iPads but it’s worth noting that the best MacBooks aren’t impacted.

If you have an iPhone XS or later, iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, iPad Pro 12.9-inch 1st generation, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later or the iPad mini 5th generation and later, you’re going to need to install these emergency security updates to stay safe from any potential attacks.

Hopefully we learn more about these zero-day vulnerabilities but as this is Apple we’re talking about, that likely won’t be the case.

How to keep your iPhone safe from hackers

A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.

(Image credit: robert coolen/Shutterstock)

When it comes to keeping your iPhone and other devices protected from hackers and cyberattacks, the first and most important thing you can do is to keep your devices updated. While I know this may be annoying, hackers often like to prey on users that have yet to update their devices with the latest patches.

Although there isn’t an iPhone equivalent of the best Android antivirus apps, one of the best Mac antivirus software suites does allow you to scan your iPhone or iPad for malware. You see, due to Apple’s own restrictions, iOS and iPadOS apps can’t scan for malware. However, both Intego Mac Internet Security X9 and Intego Mac Premium Bundle X9 can but there is a catch: your iPhone or iPad will need to be connected to your Mac via USB when running a malware scan.

So far this year, Apple has fixed three zero-day flaws while last year, the company released fixes for 20 different zero-days which were exploited in the wild. Apple’s devices used to be known for being safer than their Android and Windows counterparts but now that hackers have seen just how lucrative targeting them can be, we’re seeing more and more attacks aimed at iPhones and Macs. This will likely continue since Apple’s products are popular worldwide which is why you need to be proactive by updating your devices the second a patch for a zero-day flaw becomes available.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.