January 31, 2024 at 01:34PM
Summary:
Apple released an update on January 31, 2024, addressing CVE-2024-23222, a type confusion issue in WebKit. The update includes improved checks to prevent arbitrary code execution from malicious web content. Apple is investigating reports of potential exploitation and has made the update available for Apple Vision Pro.
Based on the meeting notes, here are the key takeaways:
– The Apple ID for the reported issue is HT214070.
– The release date for the update addressing the issue is 2024-01-31.
– The identified vulnerability is CVE-2024-23222.
– The issue relates to a type confusion problem and has been remedied through improved checks.
– The impact of the vulnerability is that processing maliciously crafted web content may lead to arbitrary code execution.
– It has been acknowledged that there are reports of the issue being exploited.
– The affected product is WebKit.
– An update for Apple Vision Pro is available to address this issue.