Security News > 2024 > January > Apple fixes actively exploited WebKit zero-day (CVE-2024-23222)
Apple has fixed an actively exploited zero-day vulnerability that affects Macs, iPhones, iPads and AppleTVs.
CVE-2024-23222 is a type confusion issue that affects WebKit - Apple's browser engine used in the Safari web browser and all iOS and iPadOS web browsers.
"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited," Apple noted in the software release notes.
iOS 17.3 and iPadOS 17.3 - For iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
iOS 16.7.5 and iPadOS 16.7.5 - For iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.
TvOS 17.3 - For Apple TV HD and Apple TV 4K. Apple has also finally backported patches for previously exploited zero-days to iOS 15.8.1 and iPadOS 15.8.1 for older iPhones and iPads.
News URL
https://www.helpnetsecurity.com/2024/01/23/cve-2024-23222/
Related news
- Microsoft fixes exploited zero-day (CVE-2024-49138) (source)
- Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) (source)
- Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) (source)
- Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-23 | CVE-2024-23222 | Type Confusion vulnerability in Apple products A type confusion issue was addressed with improved checks. | 8.8 |