Apple fixed actively exploited zero-day CVE-2024-23222

3 months ago AndyC

Apple fixed actively exploited zero-day CVE-2024-23222

Pierluigi Paganini
January 22, 2024

Apple addressed the first zero-day vulnerability that impacts iPhones, Macs, and Apple TVs. The issue is actively exploited in the wild.

Apple fixed actively exploited zero-day CVE-2024-23222

Apple fixed actively exploited zero-day CVE-2024-23222

Pierluigi Paganini
January 22, 2024

Apple addressed the first zero-day vulnerability that impacts iPhones, Macs, and Apple TVs. The issue is actively exploited in the wild.

Apple released security updates to address a zero-day vulnerability, tracked as CVE-2024-23222, that impacts iPhones, Macs, and Apple TVs. This is the first actively exploited zero-day vulnerability fixed by the company this year.

The vulnerability is a type confusion issue that resides in the WebKit, an attacker can exploit this issue by tricking the victims into visiting maliciously crafted web content to achieve arbitrary code execution. 

“Processing maliciously crafted web content may lead to arbitrary code execution.” reads the advisory published by the company. “Apple is aware of a report that this issue may have been exploited.”

The IT giant addressed the vulnerability with improved checks. The issue has been fixed in iOS 16.7.5 and later, iPadOS 16.7.5 and later, and macOS Monterey 12.7.3 and later, and with tvOS 17.3 and later.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2024-23222)

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , , , ,

More Stories

Blackbasta gang Synlab Italia attack

Blackbasta gang Synlab Italia attack

14 hours ago AndyC
LockBit published data stolen from Simone Veil hospital in Cannes

LockBit published data stolen from Simone Veil hospital in Cannes

1 day ago AndyC

Friday Squid Blogging: Squid Purses

1 day ago AndyC
Russia-linked APT28 and crooks are still using the Moobot botnet

Russia-linked APT28 and crooks are still using the Moobot botnet

2 days ago AndyC

My TED Talks – Schneier on Security

2 days ago AndyC
Dirty stream attack poses billions of Android installs at risk

Dirty stream attack poses billions of Android installs at risk

2 days ago AndyC

You may have missed

Pay up, or else? – Week in security with Tony Anscombe

11 hours ago AndyC
Blackbasta gang Synlab Italia attack

Blackbasta gang Synlab Italia attack

14 hours ago AndyC
Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities

Microsoft Outlook Flaw Exploited by Russia’s APT28 to Hack Czech, German Entities

21 hours ago AndyC
Your Google Account allows you to create passkeys on your phone, computer and security keys

Your Google Account allows you to create passkeys on your phone, computer and security keys

21 hours ago AndyC
Your Google Account allows you to create passkeys on your phone, computer and security keys

Detecting browser data theft using Windows Event Logs

21 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.