Advisory No: TZCERT/SA/2024/01/24
Date of First Release: 24th January 2024
Source: Apple
Software Affected:
- Safari 17.3 – For Macs running macOS Monterey and macOS Ventura
- iOS 17.3 and iPadOS 17.3 – For iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- iOS 16.7.5 and iPadOS 16.7.5 – For iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
- macOS Sonoma 14.3 – For Macs running macOS Sonoma
- macOS Ventura 13.6.4 – For Macs running macOS Ventura
- macOS Monterey 12.7.3 – For Macs running macOS Monterey
- tvOS 17.3 – For Apple TV HD and Apple TV 4K (all models)
Overview:
Apple has released security updates for iOS, iPadOS, macOS, tvOS, and the Safari web browser to address a zero-day vulnerability that is being exploited by malicious actors. Successful exploitation of this flaw may allow an attacker to execute arbitrary code.
Description:
The vulnerability (CVE-2024-23222, CVSS score: 7.5) is a type confusion flaw in WebKit, Apple’s web browser engine. It could allow attackers to execute arbitrary code when the victim's device processes maliciously crafted web content.
Impact:
Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.
Solution:
Apple has released security updates to resolve this vulnerability. Users and administrators are encouraged to update as soon as possible.