Security News > 2024 > January > Apple fixes actively exploited WebKit zero-day (CVE-2024-23222)

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222)
2024-01-23 11:35

Apple has fixed an actively exploited zero-day vulnerability that affects Macs, iPhones, iPads and AppleTVs.

CVE-2024-23222 is a type confusion issue that affects WebKit - Apple's browser engine used in the Safari web browser and all iOS and iPadOS web browsers.

"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited," Apple noted in the software release notes.

iOS 17.3 and iPadOS 17.3 - For iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.

iOS 16.7.5 and iPadOS 16.7.5 - For iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.

TvOS 17.3 - For Apple TV HD and Apple TV 4K. Apple has also finally backported patches for previously exploited zero-days to iOS 15.8.1 and iPadOS 15.8.1 for older iPhones and iPads.


News URL

https://www.helpnetsecurity.com/2024/01/23/cve-2024-23222/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-01-23 CVE-2024-23222 Type Confusion vulnerability in Apple products
A type confusion issue was addressed with improved checks.
network
low complexity
apple CWE-843
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 135 565 4109 1575 2442 8691
Webkit 3 0 8 3 0 11