Apple has released new security updates for several products, including a patch for a zero-day vulnerability that could impact iPhones, iPad, Macs, and Apple TVs.
Apple says it’s aware of a report that the bug may have been exploited already. Further details about the nature of the vulnerability were not disclosed to give users enough time to install the updates.
The updates may already have reached you if you automatically update, but it doesn’t hurt to check you’re on the latest version.
Updates are available for:
|macOS Monterey and macOS Ventura
|iOS 17.3 and iPadOS 17.3
|iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
|iOS 16.7.5 and iPadOS 16.7.5
|iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
|iOS 15.8.1 and iPadOS 15.8.1
|iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
|macOS Sonoma 14.3
|macOS Ventura 13.6.4
|macOS Monterey 12.7.3
|Apple Watch Series 4 and later
|Apple TV HD and Apple TV 4K (all models)
The zero-day vulnerability is listed as CVE-2024-23222: a type confusion issue in WebKit that was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Several other vulnerabilities in WebKit, which is the browser engine that powers Safari and other apps, were patched as well.
The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by February 13, 2024 in order to protect their devices against active threats.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.