Apple Patches ‘RTKit’ Flaw Presumably Exploited by Hackers on Macs

Apple this week rolled out a set of maintenance updates across its product lineup, mostly to address security issues. One such flaw is said to be exploited in the wild on macOS Monterey.

Security issues addressed across the board

Yesterday, the Cupertino tech giant populated the security releases support page with a list of updates available for most of its flagship products.

·      Safari 17.6

·      iOS 17.6 and iPadOS 17.6

·      iOS 16.7.9 and iPadOS 16.7.9

·      macOS Sonoma 14.6

·      macOS Ventura 13.6.8

·      macOS Monterey 12.7.6

·      watchOS 10.6

·      tvOS 17.6

·      visionOS 1.3

·      iOS 15.8.3 and iPadOS 15.8.3 (not accompanied by a security advisory, only containing minor optimizations and enhancements for old-generation devices)

Apple is addressing a range of security vulnerabilities signalled by testers and researchers. While most of the bugs are relatively benign, or at least not known to be used in attacks, one issue is said to have been exploited to illicit ends.

‘This issue may have been exploited’

Tracked as CVE-2024-23296, a flaw in Apple’s real-time system for embedded use cases, RTKit, can be exploited to trigger memory corruption, enabling a motivated attacker to bypass kernel memory protections.

“An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections,” reads the advisory. “Apple is aware of a report that this issue may have been exploited.”

Threat actors have been known to leverage such flaws to weave together larger exploit chains and deploy data-stealing malware, including spyware, on unpatched machines.

Apple plugged this security hole in March on iOS devices, and more recently also found it addressable on desktops running macOS Monterey. If you're running Monterey on your Mac, update to macOS 12.7.6 to stem potential opportunities for attackers.

None of the other updates rolled out yesterday patch known-to-be-exploited bugs, but they’re important. The fact that a security issue is not labelled as ‘actively-exploited’ doesn’t mean threat actors haven’t been wielding it quietly and covertly.

As always, Bitdefender recommends you deploy the latest security updates the moment they’re available – especially when the vulnerabilities addressed are said to be exploited by threat actors. For peace of mind, consider using a dedicated security solution on your personal devices.

These updates arrive in tandem with iOS 18.1 Beta for developer testing ahead of the widely-anticipated software upgrade for iPhone and iPad users. iOS 18, expected in September, marks Apple’s biggest development in the Artificial Intelligence era, with a wide array of AI-powered features for iDevice users.