Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and the Safari web browser to address a zero-day flaw that has come under active exploitation in the wild.
The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The tech giant said the problem was fixed with improved checks.
Type confusion vulnerabilities, in general, could be weaponized to perform out-of-bounds memory access, or lead to a crash and arbitrary code execution.
Apple, in a terse advisory, acknowledged that it is "aware of a report that this issue may have been exploited," but did not share any other specifics about the nature of attacks or the threat actors leveraging the shortcoming.
The updates are available for the following devices and operating systems –
- iOS 17.3 and iPadOS 17.3 – iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- iOS 16.7.5 and iPadOS 16.7.5 – iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
- macOS Sonoma 14.3 – Macs running macOS Sonoma
- macOS Ventura 13.6.4 – Macs running macOS Ventura
- macOS Monterey 12.7.3 – Macs running macOS Monterey
- tvOS 17.3 – Apple TV HD and Apple TV 4K (all models)
- Safari 17.3 – Macs running macOS Monterey and macOS Ventura
The development marks the first actively exploited zero-day vulnerability to be patched by Apple this year. Last year, the iPhone maker had addressed 20 zero-days that were used in real-world attacks.
In addition, Apple has also backported fixes for CVE-2023-42916 and CVE-2023-42917 – patches for which were released in December 2023 – to older devices –
- iOS 15.8.1 and iPadOS 15.8.1 – iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
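As an added example (not from Apple's advisory or the original article), the following Python sketch checks device inventory rows against the fixed versions in the two lists above. The inventory rows, function names and status labels are assumptions made for illustration; any branch the article does not name is reported as unlisted and needs a manual check.

```python
# Fixed versions are copied from the article; inventory rows are constructed.
FIXED = {  # (platform, major) -> first release with the CVE-2024-23222 fix
    ("iOS", 17): (17, 3), ("iPadOS", 17): (17, 3),
    ("iOS", 16): (16, 7, 5), ("iPadOS", 16): (16, 7, 5),
    ("macOS", 14): (14, 3), ("macOS", 13): (13, 6, 4), ("macOS", 12): (12, 7, 3),
    ("tvOS", 17): (17, 3), ("Safari", 17): (17, 3),
}
# The article lists 15.8.1 only for the CVE-2023-42916 / CVE-2023-42917 backports.
BACKPORT_ONLY = {("iOS", 15): (15, 8, 1), ("iPadOS", 15): (15, 8, 1)}


def parse_version(text):
    """'16.7.5' -> (16, 7, 5); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))


def pad(version, width=3):
    """Pad with zeros so that 17.3 and 17.3.0 compare as equal."""
    return tuple(version) + (0,) * (width - len(version))


def assess(platform, version_text):
    """Classify one device against the releases named in the article."""
    version = parse_version(version_text)
    key = (platform, version[0])
    if key in FIXED:
        return "patched" if pad(version) >= pad(FIXED[key]) else "update"
    if key in BACKPORT_ONLY:
        current = pad(version) >= pad(BACKPORT_ONLY[key])
        return "backport-only" if current else "backport-update"
    return "unlisted"  # branch not named in the article; review by hand


INVENTORY = [  # constructed sample rows: (hostname, platform, version)
    ("iphone-ops-07", "iOS", "17.3"),
    ("ipad-lab-01", "iPadOS", "17.2.1"),
    ("iphone-old-02", "iOS", "15.8"),
    ("mac-build-03", "macOS", "13.6.4"),
    ("mac-legacy-09", "macOS", "11.7.10"),
]


def report(rows):
    """Map each hostname to its status."""
    return {host: assess(platform, version) for host, platform, version in rows}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:15} {status}")
```

The `backport-only` status marks devices on the 15.x branch that have the December 2023 fixes; the article does not list a CVE-2024-23222 fix for that branch.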
The disclosure also follows a report that Chinese authorities revealed that they have used previously known vulnerabilities in Apple's AirDrop functionality to help law enforcement identify senders of inappropriate content, using a technique based on rainbow tables.