A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Apple WebKit Zero-Day vulnerability (CVE-2024-23222)

Apple WebKit Zero-Day vulnerability (CVE-2024-23222)

Advisory No: TZCERT/SA/2024/01/24

Date of First Release: 24th January 2024

Source: Apple

Software Affected:

  • Safari 17.3 – For Macs running macOS Monterey and macOS Ventura
  • iOS 17.3 and iPadOS 17.3 – For iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
  • iOS 16.7.5 and iPadOS 16.7.5 – For iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
  • macOS Sonoma 14.3 – For Macs running macOS Sonoma
  • macOS Ventura 13.6.4 – For Macs running macOS Ventura
  • macOS Monterey 12.7.3 – For Macs running macOS Monterey
  • tvOS 17.3 – For Apple TV HD and Apple TV 4K (all models)

Overview:

Apple has released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browsers to address a zero-day vulnerability that is being exploited by malicious actors. Successful exploitation of this flaw may allow an attacker to cause arbitrary code execution.

Description:

The vulnerability (CVE-2024-23222, CVSS score: 7.5) is a type of confusion flaw in WebKit, Apple’s web browser engine. The vulnerability could allow attackers to execute arbitrary code while the victim device processes maliciously crafted web content.

Impact:

Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.

Solution:

Apple has released security updates to resolve this vulnerability. Users and administrations are encouraged to update as soon as possible.

References:

  1. https://support.apple.com/en-us/HT201222
  2. https://www.helpnetsecurity.com/2024/01/23/cve-2024-23222/
  3. https://nvd.nist.gov/vuln/detail/CVE-2024-23222

Check Also

Critical Vulnerability in WordPress Bricks Plug-in (CVE-2024-25600)

Advisory No: TZCERT/SA/2024/02/22 Date of First Release: 22nd February 2024 Source: WordPress plugin Bricks Builder …