A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Apple WebKit Zero-Day vulnerability (CVE-2024-23222)

Apple WebKit Zero-Day vulnerability (CVE-2024-23222)

Advisory No: TZCERT/SA/2024/01/24

Date of First Release: 24th January 2024

Source: Apple

Software Affected:

  • Safari 17.3 – For Macs running macOS Monterey and macOS Ventura
  • iOS 17.3 and iPadOS 17.3 – For iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
  • iOS 16.7.5 and iPadOS 16.7.5 – For iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
  • macOS Sonoma 14.3 – For Macs running macOS Sonoma
  • macOS Ventura 13.6.4 – For Macs running macOS Ventura
  • macOS Monterey 12.7.3 – For Macs running macOS Monterey
  • tvOS 17.3 – For Apple TV HD and Apple TV 4K (all models)


Apple has released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browsers to address a zero-day vulnerability that is being exploited by malicious actors. Successful exploitation of this flaw may allow an attacker to cause arbitrary code execution.


The vulnerability (CVE-2024-23222, CVSS score: 7.5) is a type of confusion flaw in WebKit, Apple’s web browser engine. The vulnerability could allow attackers to execute arbitrary code while the victim device processes maliciously crafted web content.


Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.


Apple has released security updates to resolve this vulnerability. Users and administrations are encouraged to update as soon as possible.


  1. https://support.apple.com/en-us/HT201222
  2. https://www.helpnetsecurity.com/2024/01/23/cve-2024-23222/
  3. https://nvd.nist.gov/vuln/detail/CVE-2024-23222

Check Also

Multiple critical vulnerabilities affecting WordPress (CVE-2024-3604, CVE-2024-6314, CVE-2024-6313, CVE-2024-6365)

Advisory No: TZCERT/SA/2024/07/10-2 Date of First Release: 10th July 2024 Source: Wordfence Software Affected: osm, …