Exposed: iPhones & Macs Vulnerable to Apple’s Critical Zero-day Flaw

January 23, 2024

TLDR:

  • Apple has released a patch for a zero-day vulnerability that affected several Apple products, including tvOS, iOS, iPadOS, macOS, and Safari.
  • The vulnerability, tracked as CVE-2024-23222, is a type confusion issue that could lead to arbitrary code execution on affected products.

Apple has issued a patch for a zero-day vulnerability that impacted various Apple products, including tvOS, iOS, iPadOS, macOS, and Safari. The vulnerability, tracked as CVE-2024-23222, is categorized as a type confusion vulnerability, which occurs when a resource is accessed with an incompatible type, leading to logic errors. Threat actors can exploit this vulnerability with maliciously crafted web content, potentially allowing for arbitrary code execution on affected devices.

According to Apple’s security advisories, this vulnerability exists in the WebKit component and affects a range of Apple products, including iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later. The vulnerability also affects iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation. macOS Monterey, macOS Ventura, and macOS Sonoma, as well as Apple TV HD and Apple TV 4K (all models), are also vulnerable.

In addition to patching this zero-day vulnerability, Apple also released several other security updates that addressed various vulnerabilities affecting different components and products. Users of the affected Apple products are advised to install the latest security updates to protect themselves from potential exploitation by threat actors.

Overall, the identification and patching of this zero-day vulnerability demonstrate Apple’s commitment to ensuring the security and safety of its users’ devices and data. It is crucial for users to stay updated with the latest security patches and updates to mitigate the risks associated with these types of vulnerabilities.
