Apple WebKit Zero-Day vulnerability (CVE-2024-23222)

Published On: Jan 25, 2024 15:27

Advisory No: TZCERT/SA/2024/01/24

Source: Apple

Software Affected: Safari 17.3 – For Macs running macOS Monterey and macOS Ventura iOS 17.3 and iPadOS 17.3 – For iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later iOS 16.7.5 and iPadOS 16.7.5 – For iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation macOS Sonoma 14.3 – For Macs running macOS Sonoma macOS Ventura 13.6.4 – For Macs running macOS Ventura macOS Monterey 12.7.3 – For Macs running macOS Monterey tvOS 17.3 – For Apple TV HD and Apple TV 4K (all models)

Overview

Apple has released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browsers to address a zero-day vulnerability that is being exploited by malicious actors. Successful exploitation of this flaw may allow an attacker to cause arbitrary code execution.

Description

The vulnerability (CVE-2024-23222, CVSS score: 7.5) is a type of confusion flaw in WebKit, Apple’s web browser engine. The vulnerability could allow attackers to execute arbitrary code while the victim device processes maliciously crafted web content.

Impact

Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.

Solution

Apple has released security updates to resolve this vulnerability. Users and administrations are encouraged to update as soon as possible.

Subscribe To TZ - CERT Newsletter

A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.

Subscribe
Report Incident