Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. The zero-day fixed today is tracked as CVE-2024-23222 and is a WebKit confusion issue that attackers could exploit to gain code execution on targeted devices.
Successful exploitation enables threat actors to execute arbitrary malicious code on devices running vulnerable iOS, macOS, and tvOS versions after the target opens a malicious web page.
The company has yet to attribute the discovery of this security vulnerability to a security researcher.
Although the company disclosed that it's aware of in-the-wild exploitation, it has yet to publish further details regarding these attacks.
Apple addressed CVE-2024-23222 with improved checks in iOS 16.7.5 and later, iPadOS 16.7.5 and later, and macOS Monterey 12.7.3 and higher, as well as on tvOS 17.3 and later.
The impacted devices include:
iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.
iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
Apple TV HD and Apple TV 4K.
While this zero-day vulnerability was likely only used in targeted attacks, installing today's security updates as soon as possible is highly advised to block potential attack attempts.
Today, Apple also backported patches to older iPhone and iPad models for two other WebKit zero-days patched in November.
Three more zero-days in May. Two zero-days in April.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 22 Jan 2024 19:30:27 +0000