Safari Fixes Type Confusion Issue, Addresses Arbitrary Code Execution Vulnerability
Key Information
- Vendor
- Apple
- Status
- iOS And iPad OS
- TV OS
- Mac OS
- Vendor
- CVE Published:
- 23 January 2024
Badges
Summary
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-23222 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
iOS and iPadOS < 17.3
tvOS < 17.3
macOS < 14.3
News Articles
Forbes CVE-2024-23222iOS 17.3—Update Now Warning Issued To All iPhone Users
Apple has released iOS 17.3, along with an emergency security fix. Here's everything you need to know about Apple's latest iPhone update.
10 months ago
Malwarebytes CVE-2024-23222Update now! Apple releases patch for zero-day vulnerability | Malwarebytes
Apple has released new security updates for several products including a patch for a zero-day vulnerability which has likely already been exploited.
10 months ago
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine
The new bug is Apple's 12th WebKit zero-day in the last year, highlighting the increasing enterprise exposure to browser-borne threats.
10 months ago
CVSS V3.1
Timeline
- đź‘ľ
Exploit exists.
Vulnerability published.
First article discovered by Tom's Guide
Vulnerability Reserved.