Apple on Monday launched safety updates for iOS, iPadOS, macOS, tvOS, and Safari internet browser to handle a zero-day flaw that has come beneath energetic exploitation within the wild.
The problem, tracked as CVE-2024-23222, is a kind confusion bug that may very well be exploited by a menace actor to realize arbitrary code execution when processing maliciously crafted internet content material. The tech big mentioned the issue was mounted with improved checks.
Sort confusion vulnerabilities, on the whole, may very well be weaponized to carry out out-of-bounds reminiscence entry, or result in a crash and arbitrary code execution.
Apple, in a terse advisory, acknowledged that it is “conscious of a report that this concern might have been exploited,” however didn’t share every other specifics concerning the nature of assaults or the menace actors leveraging the shortcoming.
The updates can be found for the next gadgets and working programs –
- iOS 17.3 and iPadOS 17.3 – iPhone XS and later, iPad Professional 12.9-inch 2nd era and later, iPad Professional 10.5-inch, iPad Professional 11-inch 1st era and later, iPad Air third era and later, iPad sixth era and later, and iPad mini fifth era and later
- iOS 16.7.5 and iPadOS 16.7.5 – iPhone 8, iPhone 8 Plus, iPhone X, iPad fifth era, iPad Professional 9.7-inch, and iPad Professional 12.9-inch 1st era
- macOS Sonoma 14.3 – Macs operating macOS Sonoma
- macOS Ventura 13.6.4 – Macs operating macOS Ventura
- macOS Monterey 12.7.3 – Macs operating macOS Monterey
- tvOS 17.3 – Apple TV HD and Apple TV 4K (all fashions)
- Safari 17.3 – Macs operating macOS Monterey and macOS Ventura
The event marks the primary actively exploited zero-day vulnerability to be patched by Apple this yr. Final yr, the iPhone maker had addressed 20 zero-days which were employed in real-world assaults.
As well as, Apple has additionally backported fixes for CVE-2023-42916 and CVE-2023-42917 – patches for which had been launched in December 2023 – to older gadgets –
- iOS 15.8.1 and iPadOS 15.8.1 – iPhone 6s (all fashions), iPhone 7 (all fashions), iPhone SE (1st era), iPad Air 2, iPad mini (4th era), and iPod contact (seventh era)
The disclosure additionally follows a report that Chinese language authorities revealed that they’ve used beforehand identified vulnerabilities in Apple’s AirDrop performance to assist legislation enforcement to establish senders of inappropriate content material, utilizing a way based mostly on rainbow tables.
