Apple patches 2024’s first zero-day

4 months ago AndyC

Apple’s first zero-day of 2024 has been disclosed, with fixes pushed out for MacOS, iOS, and iPadOS.

Apple patches 2024's first zero-day

Apple’s first zero-day of 2024 has been disclosed, with fixes pushed out for MacOS, iOS, and iPadOS.




Apple patches 2024's first zero-day










Apple’s description of CVE-2024-23222 states only that the bug is a type confusion in Webkit, and that the company “is aware of a report that this issue may have been exploited”.

“Processing maliciously crafted web content may lead to arbitrary code execution”, Apple noted.

Fixes have been published for iPhones and iPads, and Macs running macOS Ventura and Monterey.

Apple also applied a patch to a critical-rated bug in the curl URL retrieval library that was first disclosed during 2023.

CVE-2023-38545 (CVSS score 9.8) is a heap-based buffer overflow during the SOCKS5 proxy handshake, described in detail by the curl project here.

It’s one of four curl bugs updated in Ventura and Monterey by updating to curl version 8.4.0.

Other fixes in the security roll-up plug bugs in the Apple Neural Engine, accessibility features, core data, finder, ImageIO, the login window, Apple Mail search, and the NSOpenPanel function in AppKit.



About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

Red Hat unveils policy as code for Ansible Automation Platform

Red Hat unveils policy as code for Ansible Automation Platform

10 hours ago AndyC
Akamai to acquire Noname Security, bolstering API security solutions

Akamai to acquire Noname Security, bolstering API security solutions

10 hours ago AndyC
CrowdStrike unveils ground-breaking AI-native SOC functions

CrowdStrike unveils ground-breaking AI-native SOC functions

13 hours ago AndyC
Skylight Cyber unveils free NIST CSF 2.0 converter tool

Skylight Cyber unveils free NIST CSF 2.0 converter tool

13 hours ago AndyC
<div>Australians favour IT & language skills, Udemy report reveals</div>

Australians favour IT & language skills, Udemy report reveals

13 hours ago AndyC
<div>ACS seeks tech professionals' views for Digital Pulse report</div>

ACS seeks tech professionals’ views for Digital Pulse report

13 hours ago AndyC

You may have missed

Disrupting the enterprise: How AI is redefining people, process, and productivity

Disrupting the enterprise: How AI is redefining people, process, and productivity

48 mins ago AndyC

Latest NICE Framework Update Offers Improvements for the Cybersecurity Workforce

4 hours ago AndyC
Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs

Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs

4 hours ago AndyC
Zscaler is investigating data breach claims

Zscaler is investigating data breach claims

4 hours ago AndyC
Cancer patients' sensitive information accessed by

Cancer patients’ sensitive information accessed by “unidentified parties” after being left exposed by screening lab for years

4 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.