Security News > 2024 > January > Apple fixes first zero-day bug exploited in attacks this year
Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. The zero-day fixed today is tracked as CVE-2024-23222 and is a WebKit confusion issue that attackers could exploit to gain code execution on targeted devices.
"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited," Apple said today.
Apple addressed CVE-2024-23222 with improved checks in iOS 16.7.5 and later, iPadOS 16.7.5 and later, and macOS Monterey 12.7.3 and higher, as well as on tvOS 17.3 and later.
Apple TV HD and Apple TV 4K. While this zero-day vulnerability was likely only used in targeted attacks, installing today's security updates as soon as possible is highly advised to block potential attack attempts.
Apple fixes two new iOS zero-days in emergency updates.
Apple emergency updates fix recent zero-days on older iPhones.
News URL
Related news
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (source)
- Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296) (source)
- Apple's trademark tight lips extend to new iPhone, iPad zero-days (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- New GoFetch attack on Apple Silicon CPUs can steal crypto keys (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks (source)
- Apple: Mercenary spyware attacks target iPhone users in 92 countries (source)
- Apple stops warning of 'state-sponsored' attacks, now alerts about 'mercenary spyware' (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-23 | CVE-2024-23222 | Type Confusion vulnerability in Apple products A type confusion issue was addressed with improved checks. | 8.8 |