Security News > 2024 > January > Apple fixes first zero-day bug exploited in attacks this year

Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. The zero-day fixed today is tracked as CVE-2024-23222 and is a WebKit confusion issue that attackers could exploit to gain code execution on targeted devices.

"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited," Apple said today.

Apple addressed CVE-2024-23222 with improved checks in iOS 16.7.5 and later, iPadOS 16.7.5 and later, and macOS Monterey 12.7.3 and higher, as well as on tvOS 17.3 and later.

Apple TV HD and Apple TV 4K. While this zero-day vulnerability was likely only used in targeted attacks, installing today's security updates as soon as possible is highly advised to block potential attack attempts.

Apple fixes two new iOS zero-days in emergency updates.

Apple emergency updates fix recent zero-days on older iPhones.

News URL

https://www.bleepingcomputer.com/news/apple/apple-fixes-first-zero-day-bug-exploited-in-attacks-this-year/