Apple on Monday launched safety updates for iOS, iPadOS, macOS, tvOS, and Safari net browser to handle a zero-day flaw that has come underneath lively exploitation within the wild.
The difficulty, tracked as CVE-2024-23222, is a sort confusion bug that may very well be exploited by a menace actor to attain arbitrary code execution when processing maliciously crafted net content material. The tech big stated the issue was fastened with improved checks.
Sort confusion vulnerabilities, usually, may very well be weaponized to carry out out-of-bounds reminiscence entry, or result in a crash and arbitrary code execution.
Apple, in a terse advisory, acknowledged that it is “conscious of a report that this concern might have been exploited,” however didn’t share every other specifics concerning the nature of assaults or the menace actors leveraging the shortcoming.
The updates can be found for the next gadgets and working programs –
- iOS 17.3 and iPadOS 17.3 – iPhone XS and later, iPad Professional 12.9-inch 2nd technology and later, iPad Professional 10.5-inch, iPad Professional 11-inch 1st technology and later, iPad Air third technology and later, iPad sixth technology and later, and iPad mini fifth technology and later
- iOS 16.7.5 and iPadOS 16.7.5 – iPhone 8, iPhone 8 Plus, iPhone X, iPad fifth technology, iPad Professional 9.7-inch, and iPad Professional 12.9-inch 1st technology
- macOS Sonoma 14.3 – Macs operating macOS Sonoma
- macOS Ventura 13.6.4 – Macs operating macOS Ventura
- macOS Monterey 12.7.3 – Macs operating macOS Monterey
- tvOS 17.3 – Apple TV HD and Apple TV 4K (all fashions)
- Safari 17.3 – Macs operating macOS Monterey and macOS Ventura
The event marks the primary actively exploited zero-day vulnerability to be patched by Apple this 12 months. Final 12 months, the iPhone maker had addressed 20 zero-days which have been employed in real-world assaults.
As well as, Apple has additionally backported fixes for CVE-2023-42916 and CVE-2023-42917 – patches for which have been launched in December 2023 – to older gadgets –
- iOS 15.8.1 and iPadOS 15.8.1 – iPhone 6s (all fashions), iPhone 7 (all fashions), iPhone SE (1st technology), iPad Air 2, iPad mini (4th technology), and iPod contact (seventh technology)
The disclosure additionally follows a report that Chinese language authorities revealed that they’ve used beforehand recognized vulnerabilities in Apple’s AirDrop performance to assist regulation enforcement to establish senders of inappropriate content material, utilizing a way based mostly on rainbow tables.
Discover more from PressNewsAgency
Subscribe to get the latest posts sent to your email.