Update Immediately! Apple Issues An Upgrade To Address A Zero-Day Vulnerability
Apple has just issued security upgrades for multiple products, which include a fix for a zero-day vulnerability that has the potential to affect iPhones, iPads, Macs, and Apple TVs.
Apple acknowledges being informed of a report suggesting that the flaw may have already been utilized. Specific information regarding the vulnerability’s characteristics was withheld in order to allow users sufficient time to apply the fixes.
If you have enabled automatic updates, you may already have received the updates. However, it is advisable to verify that you are using the most recent version.
To obtain a Safari update for your device, either update your iPhone or iPad or update your Mac.
Updates are available for:
|macOS Monterey and macOS Ventura
|iOS 17.3 and iPadOS 17.3
|iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
|iOS 16.7.5 and iPadOS 16.7.5
|iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
|iOS 15.8.1 and iPadOS 15.8.1
|iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
|macOS Sonoma 14.3
|macOS Ventura 13.6.4
|macOS Monterey 12.7.3
|Apple Watch Series 4 and later
|Apple TV HD and Apple TV 4K (all models)
The zero-day vulnerability, identified as CVE-2024-23222, refers to a type of confusion problem in WebKit that has been resolved with the implementation of enhanced checks. The problem has been resolved in tvOS 17.3, iOS 17.3, and iPadOS 17.3. It has also been corrected in macOS Sonoma 14.3, iOS 16.7.5, and iPadOS 16.7.5. Additionally, the issue has been addressed in Safari 17.3, macOS Ventura 13.6.4, and macOS Monterey 12.7.3. Execution of arbitrary code can occur while processing online material that has been intentionally created with malicious intent.
Additionally, various other vulnerabilities in WebKit, the browser engine that powers Safari and other applications, were also fixed.
The Cybersecurity and Infrastructure Security Agency (CISA) has included this vulnerability in its Known Exploited Vulnerabilities Catalog, as there is evidence of ongoing exploitation.
Federal Civilian Executive Branch (FCEB) organizations must address this vulnerability by February 13, 2024, to safeguard their equipment from ongoing threats.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. In the bottom line, he frequently writes for Craw Security.
READ MORE NEWS HERE
A Man Presenting as a Manager of Flipkart is Arrested in a ₹13 Crore Cryptocurrency Scam; Dehradun Police Bust Group Across 12 States