January 22, 2024 at 02:25PM
Apple released security updates to address the first zero-day vulnerability of the year, tracked as CVE-2024-23222, impacting iPhones, Macs, and Apple TVs. The WebKit confusion issue could be exploited by attackers, leading to arbitrary code execution. Devices running vulnerable iOS, macOS, and tvOS versions are affected. Security updates are available to prevent potential attacks.
From the meeting notes, I have gathered that Apple has released security updates to address a zero-day vulnerability tracked as CVE-2024-23222. This vulnerability impacts iPhones, Macs, and Apple TVs and is a WebKit confusion issue. Attackers could exploit this vulnerability to gain code execution on targeted devices by luring users to open a malicious web page.
Apple has addressed CVE-2024-23222 with improved checks in iOS 16.7.5 and later, iPadOS 16.7.5 and later, macOS Monterey 12.7.3 and higher, and tvOS 17.3 and later. The list of affected devices is extensive, including various iPhone, iPad, Mac, and Apple TV models.
It’s important to note that while this vulnerability was likely used in targeted attacks, it is crucial for users to install the security updates as soon as possible to prevent potential attack attempts.
Furthermore, Apple also backported patches to older iPhone and iPad models for two other WebKit zero-days (CVE-2023-42916 and CVE-2023-42917) patched in November.
The meeting notes also mention that last year, Apple fixed a total of 20 zero-day flaws exploited in the wild.