Apple has released its first zero-day vulnerability patch of 2024, which affected several Apple products, including tvOS, iOS, iPadOS, macOS, and Safari. The zero-day is tracked under the CVE ID CVE-2024-23222, and the severity of this vulnerability is yet to be categorized.
Apple stated that they are aware of this vulnerability being exploited by threat actors in the wild and urges all users to patch their Apple products accordingly.
CVE-2024-23222 – Type Confusion Vulnerability
This vulnerability is a type confusion bug, which arises when a resource is accessed using an incompatible type, leading to logical errors in the program. A threat actor could exploit it by crafting malicious web content, which could lead to arbitrary code execution on affected products.
According to Apple’s security advisories, the vulnerability exists in the WebKit component and affects a wide range of Apple products, both older and current models. Products affected by this vulnerability include:
- iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
- macOS Monterey, macOS Ventura and macOS Sonoma
- Apple TV HD and Apple TV 4K (all models)
Apple also published several other security updates that patch additional vulnerabilities affecting different components and products.
It is recommended that users of all the affected Apple products patch with the latest security updates to prevent the exploitation of these vulnerabilities by threat actors.