{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-013.pdf"
    },
    "title": "Zero-Day Vulnerability in Apple Products",
    "serial_number": "2024-013",
    "publish_date": "24-01-2024 09:57:58",
    "description": "On January 22, 2024, Apple issued updates for a zero-day vulnerability identified as \"CVE-2024-23222\". This vulnerability affects iOS, iPadOS, macOS and tvOS devices and is currently being exploited in the wild. The updates also contain fixes for other vulnerabilities affecting Apple products.<br>\nIt is recommended to update as soon as possible.<br>\n",
    "url_title": "2024-013",
    "content_markdown": "--- \ntitle: 'Zero-Day Vulnerability in\u00a0Apple\u00a0Products'\nnumber: '2024-013'\nversion: '1.0'\noriginal_date: 'January 22, 2024'\ndate: 'January 24, 2024'\n---\n\n_History:_\n\n* _24/01/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn January 22, 2024, Apple issued updates for a zero-day vulnerability identified as `CVE-2024-23222` [1]. This vulnerability affects iOS, iPadOS, macOS and tvOS devices and is currently being exploited in the wild [2]. The updates also contain fixes for other vulnerabilities affecting Apple products.\n\nIt is recommended to update as soon as possible.\n\n# Technical Details\n\nThe vulnerability `CVE-2024-23222` exists in the WebKit browser engine, and is due to a type confusion. It could allow attackers to execute arbitrary code on an affected device after opening a maliciously crafted web page.\n\n\n# Affected Products\n\n- macOS 12.x before 12.7, 13.x before 13.6, 14.x before 14.3;\n- iOS and iPadOS 16.x before 16.7, 17.x before 17.3;\n- tvOS before 17.3;\n- Safari before 17.3.\n\n# Recommendations\n\nCERT-EU strongly recommends updating affected devices as soon as possible.\n\n# References\n\n[1] <https://www.cve.org/CVERecord?id=CVE-2024-23222>\n\n[2] <https://support.apple.com/en-us/HT214061>\n\n[3] <https://support.apple.com/en-us/HT214059>\n\n[4] <https://support.apple.com/en-us/HT214063>\n\n[5] <https://support.apple.com/en-us/HT214055>\n\n[6] <https://support.apple.com/en-us/HT214056>\n\n[7] <https://support.apple.com/en-us/HT214058>\n\n[8] <https://support.apple.com/en-us/HT214057>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>24/01/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On January 22, 2024, Apple issued updates for a zero-day vulnerability identified as <code>CVE-2024-23222</code> [1]. This vulnerability affects iOS, iPadOS, macOS and tvOS devices and is currently being exploited in the wild [2]. The updates also contain fixes for other vulnerabilities affecting Apple products.</p><p>It is recommended to update as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <code>CVE-2024-23222</code> exists in the WebKit browser engine, and is due to a type confusion. It could allow attackers to execute arbitrary code on an affected device after opening a maliciously crafted web page.</p><h2 id=\"affected-products\">Affected Products</h2><ul><li>macOS 12.x before 12.7, 13.x before 13.6, 14.x before 14.3;</li><li>iOS and iPadOS 16.x before 16.7, 17.x before 17.3;</li><li>tvOS before 17.3;</li><li>Safari before 17.3.</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU strongly recommends updating affected devices as soon as possible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.cve.org/CVERecord?id=CVE-2024-23222\">https://www.cve.org/CVERecord?id=CVE-2024-23222</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://support.apple.com/en-us/HT214061\">https://support.apple.com/en-us/HT214061</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://support.apple.com/en-us/HT214059\">https://support.apple.com/en-us/HT214059</a></p><p>[4] <a rel=\"noopener\" target=\"_blank\" href=\"https://support.apple.com/en-us/HT214063\">https://support.apple.com/en-us/HT214063</a></p><p>[5] <a rel=\"noopener\" target=\"_blank\" href=\"https://support.apple.com/en-us/HT214055\">https://support.apple.com/en-us/HT214055</a></p><p>[6] <a rel=\"noopener\" target=\"_blank\" href=\"https://support.apple.com/en-us/HT214056\">https://support.apple.com/en-us/HT214056</a></p><p>[7] <a rel=\"noopener\" target=\"_blank\" href=\"https://support.apple.com/en-us/HT214058\">https://support.apple.com/en-us/HT214058</a></p><p>[8] <a rel=\"noopener\" target=\"_blank\" href=\"https://support.apple.com/en-us/HT214057\">https://support.apple.com/en-us/HT214057</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}