Security News > 2024 > January > Apple fixes first zero-day bug exploited in attacks this year
Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. The zero-day fixed today is tracked as CVE-2024-23222 and is a WebKit confusion issue that attackers could exploit to gain code execution on targeted devices.
"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited," Apple said today.
Apple addressed CVE-2024-23222 with improved checks in iOS 16.7.5 and later, iPadOS 16.7.5 and later, and macOS Monterey 12.7.3 and higher, as well as on tvOS 17.3 and later.
Apple TV HD and Apple TV 4K. While this zero-day vulnerability was likely only used in targeted attacks, installing today's security updates as soon as possible is highly advised to block potential attack attempts.
Apple fixes two new iOS zero-days in emergency updates.
Apple emergency updates fix recent zero-days on older iPhones.
News URL
Related news
- Apple fixes this year’s first actively exploited zero-day bug (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-23 | CVE-2024-23222 | Type Confusion vulnerability in Apple products A type confusion issue was addressed with improved checks. | 8.8 |