Apple releases patch for critical Zero-Day on iPhone and Mac

January 23, 2024 | Newsroom | Vulnerability / Device Security

Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and the Safari web browser to address a zero-day vulnerability that has been actively exploited in the wild.

The issue, tracked as CVE-2024-23222, is a type confusion bug that a threat actor could exploit to execute arbitrary code when processing maliciously crafted web content. The tech giant said the issue was resolved with improved checks.

In general, type confusion vulnerabilities can be weaponized to perform out-of-bounds memory access, or may lead to a crash and execution of arbitrary code.

Apple, in a brief advisory, acknowledged that it was “aware of a report that this issue may have been exploited,” but did not share any further details about the nature of the attacks or which threat actors are taking advantage of the flaw.

Updates are available for the following devices and operating systems –

  • iOS 17.3 and iPadOS 17.3 – iPhone
  • iOS 16.7.5 and iPadOS 16.7.5 – iPhone 8, iPhone 8 Plus, iPhone
  • macOS Sonoma 14.3 – Macs running macOS Sonoma
  • macOS Ventura 13.6.4 – Macs running macOS Ventura
  • macOS Monterey 12.7.3 – Macs running macOS Monterey
  • tvOS 17.3 – Apple TV HD and Apple TV 4K (all models)
  • Safari 17.3 – Macs running macOS Monterey and macOS Ventura

This development marks the first actively exploited zero-day vulnerability to be patched by Apple this year. Last year, the iPhone maker addressed 20 zero-days that were used in real-world attacks.

In addition, Apple has also backported fixes for CVE-2023-42916 and CVE-2023-42917 – whose patches were released in December 2023 – to older devices –

  • iOS 15.8.1 and iPadOS 15.8.1 – iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), iPod touch (7th generation)
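
A fleet check against the version lists above, added here as an example and not part of the original article or any Apple tooling: it flags devices below the fixed release on their branch and reports branches, such as iOS 15, for which the article lists no CVE-2024-23222 fix. The inventory rows, host names and column names are constructed, and treating a major release newer than every listed branch as patched is an assumption.

```python
import csv
import io

# Minimum fixed version per (product, major branch) for CVE-2024-23222,
# copied from the article's update list. iOS/iPadOS 15.8.1 is absent: the
# article lists it only for CVE-2023-42916 and CVE-2023-42917.
FIXED = {
    ("iOS", 17): (17, 3), ("iOS", 16): (16, 7, 5),
    ("iPadOS", 17): (17, 3), ("iPadOS", 16): (16, 7, 5),
    ("macOS", 14): (14, 3), ("macOS", 13): (13, 6, 4), ("macOS", 12): (12, 7, 3),
    ("tvOS", 17): (17, 3), ("Safari", 17): (17, 3),
}

# Constructed sample inventory (hypothetical hosts and column names).
INVENTORY = """host,product,version
iphone-01,iOS,17.2.1
iphone-02,iOS,16.7.5
iphone-03,iOS,15.8.1
ipad-01,iPadOS,17.3.1
mac-01,macOS,13.6.3
mac-02,macOS,14.3
mac-03,Safari,16.6
atv-01,tvOS,17.3
"""

def status(product, version_text):
    """Return 'patched', 'vulnerable', 'no-fix-listed' or 'unparseable'."""
    try:
        version = tuple(int(p) for p in (version_text or "").strip().split("."))
    except ValueError:
        return "unparseable"
    floor = FIXED.get((product, version[0]))
    if floor is None:
        listed = [major for (name, major) in FIXED if name == product]
        # Assumption: a major release newer than every listed branch ships the fix.
        if listed and version[0] > max(listed):
            return "patched"
        return "no-fix-listed"
    # Pad with zeros so that 17.3 and 17.3.0 compare as equal.
    width = max(len(version), len(floor))
    pad = lambda v: v + (0,) * (width - len(v))
    return "patched" if pad(version) >= pad(floor) else "vulnerable"

def audit(csv_text):
    """Map each host in a CSV inventory to its patch status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: status(r["product"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host:12} {result}")
```
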

The disclosure also comes on the heels of a report that Chinese authorities revealed they used previously known vulnerabilities in Apple’s AirDrop functionality to help law enforcement identify senders of inappropriate content, using a technique based on rainbow tables.
