Update Immediately! Apple Issues An Upgrade To Address A Zero-Day Vulnerability

0

Update Immediately! Apple Issues An Upgrade To Address A Zero-Day Vulnerability

Apple has just issued security upgrades for multiple products, which include a fix for a zero-day vulnerability that has the potential to affect iPhones, iPads, Macs, and Apple TVs.

Apple acknowledges being informed of a report suggesting that the flaw may have already been utilized. Specific information regarding the vulnerability’s characteristics was withheld in order to allow users sufficient time to apply the fixes.

If you have enabled automatic updates, you may already have received the updates. However, it is advisable to verify that you are using the most recent version.

To obtain a Safari update for your device, either update your iPhone or iPad or update your Mac.

Updates are available for:

Safari 17.3 macOS Monterey and macOS Ventura
iOS 17.3 and iPadOS 17.3 iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
iOS 16.7.5 and iPadOS 16.7.5 iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
iOS 15.8.1 and iPadOS 15.8.1 iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
macOS Sonoma 14.3 macOS Sonoma
macOS Ventura 13.6.4 macOS Ventura
macOS Monterey 12.7.3 macOS Monterey
watchOS 10.3 Apple Watch Series 4 and later
tvOS 17.3 Apple TV HD and Apple TV 4K (all models)

Technical details

The zero-day vulnerability, identified as CVE-2024-23222, refers to a type of confusion problem in WebKit that has been resolved with the implementation of enhanced checks. The problem has been resolved in tvOS 17.3, iOS 17.3, and iPadOS 17.3. It has also been corrected in macOS Sonoma 14.3, iOS 16.7.5, and iPadOS 16.7.5. Additionally, the issue has been addressed in Safari 17.3, macOS Ventura 13.6.4, and macOS Monterey 12.7.3. Execution of arbitrary code can occur while processing online material that has been intentionally created with malicious intent.

Type confusion may arise with interpreted languages like JavaScript and PHP, which employ dynamic type. Dynamic typing refers to the process of determining and updating the type of a variable during runtime, as opposed to setting it at compile-time in a statically typed language. A type of confusion vulnerability refers to a situation where an attacker can manipulate the type of a certain variable in order to provoke undesired actions or behavior.

Additionally, various other vulnerabilities in WebKit, the browser engine that powers Safari and other applications, were also fixed.

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) has included this vulnerability in its Known Exploited Vulnerabilities Catalog, as there is evidence of ongoing exploitation.

Federal Civilian Executive Branch (FCEB) organizations must address this vulnerability by February 13, 2024, to safeguard their equipment from ongoing threats.

About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space.  Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM.  Naager entered the field of content in an unusual way.  He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts.  He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field.  In the bottom line, he frequently writes for Craw Security.

READ MORE NEWS HERE

Microsoft was Compromised by State-Sponsored Hackers that it was Actively Investigating.

“The Largest Breach of All Times”: The Discovery of 26 Billion Records Found Online

A Man Presenting as a Manager of Flipkart is Arrested in a ₹13 Crore Cryptocurrency Scam; Dehradun Police Bust Group Across 12 States

 

About Author

Leave a Reply

Your email address will not be published. Required fields are marked *

Open chat
Hello
Can we help you?