Tuesday, January 23, 2024

Apple has released fixes for the first 0-day of 2024

Apple has released security updates to address CVE-2024-23222, a critical vulnerability that was being exploited in attacks. This issue is a type confusion problem within WebKit, a browser engine used in Apple's Safari browser as well as all iOS and macOS browsers. The vulnerability could potentially allow threat actors to execute arbitrary malicious code on devices after users open a malicious web page.

The updates addressing this issue have been implemented in several Apple products:

  1. iOS 16.7.5 and later: This update is available for a range of devices including iPhone 8, iPhone 8 Plus, iPhone X, and various models of iPad. The update improves checks to mitigate the risk posed by this vulnerability.
  2. iPadOS 16.7.5 and later: Similar to the iOS update, this affects various iPad models and includes improved checks to address the vulnerability.
  3. macOS Monterey 12.7.3 and higher: Mac users are also affected by this vulnerability, with updates available for macOS Monterey and later versions.
  4. tvOS 17.3 and later: This update includes Apple TV HD and Apple TV 4K models, ensuring the security issue is mitigated across Apple's ecosystem.

The CVE-2024-23222 vulnerability is part of a larger set of security updates released by Apple. These updates address various issues across multiple products, reinforcing the importance of keeping devices up to date with the latest security patches. While the exploitation of this zero-day vulnerability was likely limited to targeted attacks, Apple strongly recommends users to install the security updates as soon as possible to prevent potential attack attempts. In addition to this, Apple has also provided patches for two other WebKit zero-days to older iPhone and iPad models, which were initially patched in November.

Please visit the links below for more details











No comments:

Post a Comment