Apple Addresses First 2024 Zero-Day Exploited in Live Attacks Targeting iPhones, Macs, and Apple TVs

Jan 23, 2024 | News





In response to the first zero-day vulnerability exploited in live attacks this year, Apple has released crucial security updates aimed at safeguarding iPhones, Macs, and Apple TVs. The zero-day, identified as CVE-2024-23222 and affecting WebKit, presented a potential avenue for attackers to achieve code execution on targeted devices.

The particular vulnerability, rooted in a WebKit confusion issue, could be exploited through maliciously crafted web content. Successful manipulation of this flaw could lead to the execution of arbitrary malicious code on devices running vulnerable versions of iOS, macOS, and tvOS, specifically when users access a compromised web page.

Acknowledging the severity of the issue, Apple stated, “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.” Although the company has not attributed the discovery to a specific researcher, it has acknowledged the existence of in-the-wild exploitation.


Apple has taken proactive measures to address CVE-2024-23222, implementing enhanced checks in iOS 16.7.5 and later, iPadOS 16.7.5 and later, macOS Monterey 12.7.3 and higher, as well as tvOS 17.3 and later. The impacted devices span a wide range, encompassing various iPhone models, iPads, Macs running macOS Monterey and later, and Apple TV HD and Apple TV 4K (all models).

While the zero-day vulnerability is likely to have been utilized in targeted attacks, users are strongly advised to install the security updates promptly to mitigate potential risks. Apple’s commitment to user security is evident in its efforts to backport patches for two other WebKit zero-days (CVE-2023-42916 and CVE-2023-42917) patched in November, extending protection to older iPhone and iPad models.




In the previous year, Apple faced and promptly resolved a total of 20 zero-day vulnerabilities exploited in the wild, underscoring the company’s dedication to maintaining the security and integrity of its ecosystem.


Source: bleepingcomputer.com
