Apple fixed actively exploited zero-day CVE-2024-23222

Pierluigi Paganini January 22, 2024

Apple addressed the first zero-day vulnerability that impacts iPhones, Macs, and Apple TVs. The issue is actively exploited in the wild.

Apple released security updates to address a zero-day vulnerability, tracked as CVE-2024-23222, that impacts iPhones, Macs, and Apple TVs. This is the first actively exploited zero-day vulnerability fixed by the company this year.

The vulnerability is a type confusion issue that resides in WebKit. An attacker can exploit this issue by tricking victims into visiting maliciously crafted web content to achieve arbitrary code execution.

“Processing maliciously crafted web content may lead to arbitrary code execution,” reads the advisory published by the company. “Apple is aware of a report that this issue may have been exploited.”

The IT giant addressed the vulnerability with improved checks. The issue has been fixed in iOS 16.7.5 and later, iPadOS 16.7.5 and later, macOS Monterey 12.7.3 and later, and tvOS 17.3 and later.


(SecurityAffairs – hacking, CVE-2024-23222)
