Safari Fixes Type Confusion Issue, Addresses Arbitrary Code Execution Vulnerability

CVE-2024-23222

8.8HIGH

Key Information

Vendor
Apple
Status
iOS And iPad OS
TV OS
Mac OS
Vendor
CVE Published:
23 January 2024

Badges

💰 Ransomware👾 Exploit Exists🦅 CISA Reported📰 News Worthy

Summary

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-23222 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

iOS and iPadOS < 17.3

tvOS < 17.3

macOS < 14.3

News Articles

favicon imageSC Media

Apple patches zero day affecting operating systems for devices, Macs

Apple released a bevy of security updates to fix a slew of vulnerabilities in its products on Monday, including a zero day that “may have been exploited” in operating systems for its iPhones, iPads and Macintosh computers.

1 week ago

favicon imageForbes

iOS 17.3—Update Now Warning Issued To All iPhone Users

Apple has released iOS 17.3, along with an emergency security fix. Here's everything you need to know about Apple's latest iPhone update.

11 months ago

favicon imageMalwarebytes

Update now! Apple releases patch for zero-day vulnerability | Malwarebytes

Apple has released new security updates for several products including a patch for a zero-day vulnerability which has likely already been exploited.

11 months ago

References

https://support.apple.com/en-us/HT214059
https://support.apple.com/en-us/HT214055
https://support.apple.com/en-us/HT214061

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 💰

    Used in Ransomware

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • Vulnerability published

  • 📰

    First article discovered by Tom's Guide

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre DatabaseCISA Database9 News Article(s)
.