CVE ID
CVE-2024-23222
Vulnerability Name
Apple Multiple Products WebKit Type Confusion Vulnerability
- Project: Apple
- Product: Multiple Products
Date
- Date Added: 2024-01-23
- Due Date: 2024-02-13
Description
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://support.apple.com/en-us/HT214055, https://support.apple.com/en-us/HT214056, https://support.apple.com/en-us/HT214057, https://support.apple.com/en-us/HT214058, https://support.apple.com/en-us/HT214059, https://support.apple.com/en-us/HT214061, https://support.apple.com/en-us/HT214063 ; https://nvd.nist.gov/vuln/detail/CVE-2024-23222
Related Security News
- Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks
- Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13β17.2.1
- Apple fixes this yearβs first actively exploited zero-day bug
- Apple backports fix for zero-day exploited in attacks to older iPhones
Top comments (0)