Patch Now! Apple Devices Vulnerable to Zero-Day Attack (CVE-2024-23222)

Apple has released security updates for iOS, iPadOS, macOS, tvOS, and the Safari web browser to address a zero-day vulnerability that has been actively exploited.

CVE-2024-23222 is a type confusion vulnerability in the WebKit engine: an attacker who lures a victim into opening malicious web content can execute arbitrary code. Apple has stated that the issue has been resolved through improved checks. While acknowledging awareness of the vulnerability's exploitation, Apple has not disclosed any further details regarding the nature of the attacks or the cybercriminals exploiting the flaw.

The updates are available for the following devices and operating systems:

  • iOS 17.3 and iPadOS 17.3 for iPhone XS and later, iPad Pro 12.9 inches (2nd generation) and later, iPad Pro 10.5 inches, iPad Pro 11 inches (1st generation) and later, iPad Air (3rd generation) and later, iPad (6th generation) and later, and iPad mini (5th generation) and later;
  • iOS 16.7.5 and iPadOS 16.7.5 for iPhone 8, iPhone 8 Plus, iPhone X, iPad (5th generation), iPad Pro 9.7 inches, and iPad Pro 12.9 inches (1st generation);
  • macOS Sonoma 14.3 for Mac computers running macOS Sonoma;
  • macOS Ventura 13.6.4 for Mac computers running macOS Ventura;
  • macOS Monterey 12.7.3 for Mac computers running macOS Monterey;
  • tvOS 17.3 for Apple TV HD and Apple TV 4K (all models);
  • Safari 17.3 for Mac computers running macOS Monterey and macOS Ventura.
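To turn the list above into a fleet check, the following added example (not Apple's tooling and not part of the original article) triages an inventory against the fixed versions listed. The inventory rows and function names are constructed for illustration; it assumes plain dotted version strings, treats release branches newer than the listed ones as already containing the fix, and conservatively flags Monterey and Ventura hosts whose Safari is below 17.3.

```python
# First patched version per platform and major branch, taken from the list above.
FIXED = {
    "ios": {17: "17.3", 16: "16.7.5"},
    "ipados": {17: "17.3", 16: "16.7.5"},
    "macos": {14: "14.3", 13: "13.6.4", 12: "12.7.3"},
    "tvos": {17: "17.3"},
}
SAFARI_FIXED = "17.3"       # standalone Safari update
SAFARI_BRANCHES = {12, 13}  # macOS Monterey and Ventura


def parse(version):
    """'17.3' -> (17, 3, 0); padding makes 17.3 and 17.3.0 compare equal."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def triage(platform, os_version, safari_version=None):
    """Return (status, reason); status is 'patched', 'update' or 'no-fix-listed'."""
    name = platform.lower()
    branches = FIXED.get(name)
    if branches is None:
        return "no-fix-listed", f"{platform} is not in the article's list"
    os_v = parse(os_version)
    major = os_v[0]
    if major > max(branches):
        # Assumption: later release branches already include the fix.
        return "patched", "release branch is newer than every listed fix"
    if major not in branches:
        return "no-fix-listed", f"no update listed for {platform} {major}.x"
    if os_v < parse(branches[major]):
        return "update", f"install {platform} {branches[major]} or later"
    if name == "macos" and major in SAFARI_BRANCHES and safari_version:
        if parse(safari_version) < parse(SAFARI_FIXED):
            return "update", f"install Safari {SAFARI_FIXED} or later"
    return "patched", "at or above the listed fixed version"


# Constructed sample inventory: (host, platform, OS version, Safari version).
INVENTORY = [
    ("phone-01", "iOS", "17.2.1", None),
    ("phone-02", "iOS", "15.8", None),
    ("tablet-01", "iPadOS", "16.7.5", None),
    ("mac-01", "macOS", "13.6.4", "17.2"),
    ("mac-02", "macOS", "14.3", None),
]

if __name__ == "__main__":
    for host, plat, osv, safari in INVENTORY:
        status, reason = triage(plat, osv, safari)
        print(f"{host:10} {plat} {osv:8} {status:14} {reason}")
```

Hosts reported as `no-fix-listed` are on a branch the list does not cover and need a decision outside this check, such as an OS upgrade or retirement.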

This is the first actively exploited zero-day vulnerability that Apple has addressed in 2024. In November of the previous year, Apple issued emergency security updates to provisionally correct two actively exploited zero-day vulnerabilities in older iPhones and some models of Apple Watch and Apple TV. According to the company, the issue could have been exploited in versions of iOS up to iOS 16.7.1.