Security News > 2024 > January > Apple fixes first zero-day bug exploited in attacks this year

Apple fixes first zero-day bug exploited in attacks this year
2024-01-22 19:20

Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. The zero-day fixed today is tracked as CVE-2024-23222 and is a WebKit confusion issue that attackers could exploit to gain code execution on targeted devices.

"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited," Apple said today.

Apple addressed CVE-2024-23222 with improved checks in iOS 16.7.5 and later, iPadOS 16.7.5 and later, and macOS Monterey 12.7.3 and higher, as well as on tvOS 17.3 and later.

Apple TV HD and Apple TV 4K. While this zero-day vulnerability was likely only used in targeted attacks, installing today's security updates as soon as possible is highly advised to block potential attack attempts.

Apple fixes two new iOS zero-days in emergency updates.

Apple emergency updates fix recent zero-days on older iPhones.


News URL

https://www.bleepingcomputer.com/news/apple/apple-fixes-first-zero-day-bug-exploited-in-attacks-this-year/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-01-23 CVE-2024-23222 Type Confusion vulnerability in Apple products
A type confusion issue was addressed with improved checks.
network
low complexity
apple CWE-843
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 128 578 4194 1589 2394 8755