Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild.
The issue, tracked as CVE-2024-23222, is a type confusion bug in the WebKit browser engine that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The tech giant said the problem was fixed with improved checks.
Type confusion vulnerabilities, in general, could be weaponized to perform out-of-bounds memory access, or lead to a crash and arbitrary code execution.
The updates are available for the following devices and operating systems –
- iOS 17.3 and iPadOS 17.3 – iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- iOS 16.7.5 and iPadOS 16.7.5 – iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
- macOS Sonoma 14.3 – Macs running macOS Sonoma
- macOS Ventura 13.6.4 – Macs running macOS Ventura
- macOS Monterey 12.7.3 – Macs running macOS Monterey
- tvOS 17.3 – Apple TV HD and Apple TV 4K (all models)
- Safari 17.3 – Macs running macOS Monterey and macOS Ventura
In addition, Apple has backported fixes for CVE-2023-42916 and CVE-2023-42917 – patches for which were first released in December 2023 – to older devices –
- iOS 15.8.1 and iPadOS 15.8.1 – iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).
Source: https://thehackernews.com/