Safari Fixes Type Confusion Issue, Addresses Arbitrary Code Execution Vulnerability
CVE-2024-23222

8.8HIGH

Key Information:

Vendor: Apple
Status: iOS And iPad OS; TV OS; Mac OS
Vendor: CVE Published:; 23 January 2024

Badges

💰 Ransomware👾 Exploit Exists🦅 CISA Reported📰 News Worthy

Summary

A type confusion vulnerability has been identified in Apple's operating systems that could allow attackers to execute arbitrary code by processing specially crafted web content. Improved checks have been implemented in the latest versions of iOS, iPadOS, macOS, and tvOS to address this issue. Apple is aware of reports suggesting that this vulnerability may have been actively exploited, emphasizing the importance of updating devices to the latest software versions to mitigate any potential risks.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

iOS and iPadOS < 17.3

macOS < 14.3

tvOS < 17.3

News Articles

SC Media

CVE-2024-23222

Apple patches zero day affecting operating systems for devices, Macs

Apple released a bevy of security updates to fix a slew of vulnerabilities in its products on Monday, including a zero day that “may have been exploited” in operating systems for its iPhones, iPads and Macintosh computers.