Apple resolves the first zero-day bug exploited in attacks this year

Home/apple, Exploitation, Internet Security, Mobile Security, Security Advisory, Security Update, Zero Day Attack/Apple resolves the first zero-day bug exploited in attacks this year

Apple resolves the first zero-day bug exploited in attacks this year

Apple has issued security updates to tackle the first zero-day vulnerability of the year, which has been exploited in attacks and could affect iPhones, Macs, and Apple TVs.

The zero-day addressed today is identified as CVE-2024-23222 [iOS, macOS, tvOS, Safari], representing a WebKit confusion issue exploitable by attackers to achieve code execution on specific devices.

Upon successful exploitation, threat actors can execute arbitrary malicious code on devices running susceptible iOS, macOS, and tvOS versions simply by visiting a malicious web page.

“Execution of arbitrary code may occur when processing maliciously crafted web content. Apple acknowledges a report suggesting potential exploitation of this issue,” stated Apple today.

Apple has resolved CVE-2024-23222 by implementing enhanced checks in iOS 16.7.5 and later, iPadOS 16.7.5 and later, macOS Monterey 12.7.3 and higher, and also in tvOS 17.3 and later.

The extensive list of devices impacted by this WebKit zero-day includes both older and newer models:

  1. iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
  2. iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
  3. Macs running macOS Monterey and later
  4. Apple TV HD and Apple TV 4K (all models)

Although this zero-day vulnerability was probably employed in targeted attacks, it is strongly recommended to install the latest security updates promptly to thwart potential attack attempts.

Today, Apple has also retroactively applied patches to older iPhone and iPad models for two additional WebKit zero-days (CVE-2023-42916 and CVE-2023-42917) that were addressed in November for newer devices.

Last year, the company addressed a total of 20 zero-day vulnerabilities exploited in the wild, distributed across the months as follows:

  • Two zero-days (CVE-2023-42916 and CVE-2023-42917) in November
  • Two zero-days (CVE-2023-42824 and CVE-2023-5217) in October
  • Five zero-days (CVE-2023-41061, CVE-2023-41064, CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993) in September
  • Two zero-days (CVE-2023-37450 and CVE-2023-38606) in July
  • Three zero-days (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439) in June
  • Three additional zero-days (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373) in May
  • Two zero-days (CVE-2023-28206 and CVE-2023-28205) in April
  • Another WebKit zero-day (CVE-2023-23529) in February

‍Follow Us on: Twitter, InstagramFacebook to get the latest security news!

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!