Skip to content

Apple fixes zero-day in iPhones, iPads, Macs and Apple TVs

  • by
  • 2 min read

Apple has released security updates to secure iPhones, Macs, and TVs’ zero-day vulnerability. This also marks Apple’s first zero-day fix in 2024.

The vulnerability, CVE-2024-23222, pertains to a Webkit-type confusion issue that the threat actors could exploit for arbitrary code execution on the victim’s device. The attack vendor involves the victim opening a malicious web page.

Webkit-type confusion vulnerabilities, a category of software bugs, can be weaponised for out-of-bounds memory access, leading to system crashes or, more critically, facilitating arbitrary code execution. Apple acknowledged the issue in an advisory, confirming its awareness of reported exploitation while withholding specific details about the attacks or the threat actors’ identity.

The updates apply to a range of Apple devices and operating systems:

  • iOS 16.7.5 and later, iPadOS 16.7.5 and later, macOS Monterey 12.7.3 and later, tvOS 17.3
  • iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, iPad Pro 12.9-inch 1st generation
  • iPhone XS, iPad Pro 12.9-inch second generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch first generation and later, iPad Air third generation and later, iPad sixth generation and later, and iPad mini fifth generation and later.
  • macOS Monterey
  • Apple TV HD
  • Apple TV 4K

In addition to the zero-day fix, Apple has also released two more updates which the company had scheduled to release in December — CVE-2023-42916 and CVE-2023-42917.

The update also includes Stolen Device Protection and a new Unity wallpaper.

These fixes apply to iOS 15.8.1 and iPadOS 15.8.1 on iPhone 6s, iPhone 7, iPhone SE (first generation), iPad Air 2, iPad mini (fourth generation), and iPod touch (seventh generation).

The security update follows reports of Chinese authorities utilising known vulnerabilities in Apple’s AirDrop functionality. These vulnerabilities were exploited to assist law enforcement in identifying senders of inappropriate content, employing a technique based on rainbow tables.

In the News: Advanced malware targets macOS through cracked apps

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

Related Reads

Minimal Phone might be the digital detox you need

Nothing Phone 3a arrives next month: Everything revealed so far

South Korea flags DeepSeek over data privacy concerns

WazirX introduces Creditor List and balance snapshot page

T-Mobile begins testing Starlink’s satellite-to-cell service

  • by
  • In News

DeepSeek iOS app sends unencrypted data to ByteDance servers

>