Fix for Critical Zero-Day in iPhones and Macs Released by Apple - Update Now


In response to a zero-day vulnerability that is being actively exploited in the wild, Apple on Monday released security updates for the Safari web browser, iOS, iPadOS, macOS, tvOS, and Linux.

The flaw, tracked as CVE-2024-23222, is a type confusion bug that a threat actor could exploit to achieve arbitrary code execution when maliciously crafted web content is processed. Apple said the issue was resolved with improved checks.

In general, type confusion vulnerabilities can be weaponized to execute arbitrary code, cause a crash, or perform out-of-bounds memory access.

In a terse advisory, Apple stated that it is "aware of a report that this issue may have been exploited," but it provided no other information about the nature of the attacks or the threat actors taking advantage of the vulnerability.


The following hardware and operating systems can receive the updates:

  • iOS 17.3 and iPadOS 17.3 - iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
  • iOS 16.7.5 and iPadOS 16.7.5 - First-generation iPad Pro 12.9-inch and 9.7-inch, iPad 8, iPhone 8 Plus, iPhone X, and iPad 5th generation
  • macOS Sonoma 14.3 - Macs running macOS Sonoma
  • macOS Ventura 13.6.4 - Macs running macOS Ventura
  • macOS Monterey 12.7.3 - Macs running macOS Monterey
  • tvOS 17.3 - Apple TV HD and Apple TV 4K (all variants)
  • Safari 17.3 - Macs running macOS Monterey and macOS Ventura
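
A patch-level check built from the version list above, as an added example that is not from Apple or the original article. The inventory records, field names and status labels are constructed for illustration.

```python
# Added example. Fixed versions for CVE-2024-23222 are copied from the list above;
# the record layout and status strings are assumptions made for this sketch.
FIXED_OS = {
    "iOS": {17: "17.3", 16: "16.7.5"},
    "iPadOS": {17: "17.3", 16: "16.7.5"},
    "macOS": {14: "14.3", 13: "13.6.4", 12: "12.7.3"},
    "tvOS": {17: "17.3"},
}
SAFARI_FIXED = "17.3"        # shipped as a separate update for Monterey and Ventura
SAFARI_BRANCHES = {12, 13}   # macOS majors that also need that Safari update


def parse_version(text):
    """'16.7.5' -> (16, 7, 5), padded to three parts so 17.3 equals 17.3.0."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def status(record):
    """Classify one inventory record against the fixed versions."""
    branches = FIXED_OS.get(record["platform"])
    if branches is None:
        return "unknown-platform"
    installed = parse_version(record["os"])
    fixed = branches.get(installed[0])
    if fixed is None:
        return "branch-not-listed"  # e.g. iOS 15: no CVE-2024-23222 fix on the list
    if installed < parse_version(fixed):
        return "needs-os-update"
    if record["platform"] == "macOS" and installed[0] in SAFARI_BRANCHES:
        safari = record.get("safari")
        if safari is None:
            return "safari-unknown"  # OS is current, browser version not collected
        if parse_version(safari) < parse_version(SAFARI_FIXED):
            return "needs-safari-update"
    return "patched"


def audit(inventory):
    """Map each host name to its status."""
    return {rec["host"]: status(rec) for rec in inventory}


INVENTORY = [  # constructed sample records
    {"host": "mbp-01", "platform": "macOS", "os": "14.2.1"},
    {"host": "mbp-02", "platform": "macOS", "os": "13.6.4", "safari": "17.2"},
    {"host": "ipad-07", "platform": "iPadOS", "os": "16.7.5"},
    {"host": "iphone-3", "platform": "iOS", "os": "15.8"},
    {"host": "tv-lobby", "platform": "tvOS", "os": "17.3"},
]
```

Hosts reported as `branch-not-listed` are on a major version for which the list above names no CVE-2024-23222 fix and need manual review.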

This is the first actively exploited zero-day vulnerability Apple has patched this year. Last year, the iPhone maker fixed 20 zero-day vulnerabilities that were used in real-world attacks.

Furthermore, the patches Apple released in December 2023 for CVE-2023-42916 and CVE-2023-42917 have been backported to older devices:

  • iOS 15.8.1 and iPadOS 15.8.1 - iPhone 6s (all models), iPhone 7 (all models), iPhone SE (first generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

The announcement coincides with a report that Chinese authorities disclosed they had used a rainbow table-based technique, leveraging previously known weaknesses in Apple's AirDrop functionality, to help law enforcement identify senders of illicit content.
 
