
Apple Begins 2024 Patching A Zero-Day Under Attack

by Abeerah Hashim
Apple Safari WebKit zero-day allowed code execution

Apple began 2024 with a zero-day patch that it released simultaneously for several of its products. The tech giant confirmed active exploitation of the zero-day vulnerability that affected Apple TVs, Macs, and iOS devices.

Apple Zero-Day Riddled Macs, iPhones, And Apple TV Alike

The tech giant Apple released a fix for a serious zero-day vulnerability affecting multiple devices. Exploiting the vulnerability could allow an attacker to deploy malware on the target devices.

Apple didn’t share details about the exact issue. However, the advisories it released for different products do identify the vulnerability and acknowledge its active exploitation.

Specifically, the vulnerability, CVE-2024-23222, is a type confusion vulnerability in Safari’s WebKit. An attacker could exploit this flaw by tricking the user into opening a maliciously crafted web page. Once done, the attacker could execute arbitrary code on the target device.

According to the advisory, Apple is aware of reports regarding active exploitation of this vulnerability. Besides this issue, Apple also patched three other vulnerabilities affecting the browser. These include:

  • CVE-2024-23211: Apple patched an issue with browser Settings that could expose users’ private browsing activity.
  • CVE-2024-23206: Due to improper access restrictions, it became possible for an adversary to fingerprint a target user via a maliciously crafted webpage.
  • CVE-2024-23213: Another code execution vulnerability that an adversary could trigger via a maliciously crafted webpage.

Since this vulnerability affected Apple’s very own Safari browser, it consequently impacted all Apple products running the browser.

Thus, Apple patched this vulnerability with iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, and Apple tvOS 17.3. Moreover, Apple also released this patch for other systems, with updates including macOS Monterey 12.7.3, macOS Ventura 13.6.4, and iOS 16.7.5 and iPadOS 16.7.5.
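The following added example (not from Apple or the original article) checks a device inventory against the fixed releases listed above. The inventory entries, function names and status labels are constructed for illustration, and treating a newer major release as already patched is an assumption.

```python
# Added example: patched-version check for CVE-2024-23222.
# Fixed releases are the ones named in the article, keyed by (platform, major).
FIXED = {
    ("iOS", 17): (17, 3, 0), ("iOS", 16): (16, 7, 5),
    ("iPadOS", 17): (17, 3, 0), ("iPadOS", 16): (16, 7, 5),
    ("macOS", 14): (14, 3, 0), ("macOS", 13): (13, 6, 4),
    ("macOS", 12): (12, 7, 3), ("tvOS", 17): (17, 3, 0),
}

def parse_version(text):
    """Turn '17.2.1' into (17, 2, 1); pad so '17.3' compares equal to '17.3.0'."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))

def patch_status(platform, version):
    """Return 'patched', 'vulnerable', 'no-listed-fix' or 'unparseable'."""
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"
    fixed = FIXED.get((platform, v[0]))
    if fixed is not None:
        return "patched" if v >= fixed else "vulnerable"
    majors = [m for (p, m) in FIXED if p == platform]
    # Assumption: a major release newer than any listed one already ships the fix.
    if majors and v[0] > max(majors):
        return "patched"
    # Older release train or unknown platform: the article lists no update for it.
    return "no-listed-fix"

# Constructed sample inventory (hostname, platform, OS version); not real devices.
INVENTORY = [
    ("iphone-01", "iOS", "17.2.1"),
    ("ipad-02", "iPadOS", "16.7.5"),
    ("mac-03", "macOS", "13.6.3"),
    ("mac-04", "macOS", "14.3"),
    ("atv-05", "tvOS", "17.3"),
    ("mac-06", "macOS", "11.7.10"),
]

def audit(inventory):
    """Map each hostname to its patch status."""
    return {host: patch_status(plat, ver) for host, plat, ver in inventory}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host:10} {result}")
```

Devices reported as `no-listed-fix` run a release train for which the article names no update, so they need a separate review rather than being counted as safe.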

Hence, all Apple users must update their devices to the latest OS versions. This security fix is especially important given that Apple has acknowledged its active exploitation in the wild. Zero-day exploits on Apple devices often lead to severe security risks, such as the recently reported fiasco that involved zero-day exploitation to deploy Predator spyware.

Let us know your thoughts in the comments.
