[Zero-Day] Alert: Apple’s Critical Security Fixes

Executive Summary

Apple recently addressed a significant zero-day flaw, tracked as CVE-2024-23222, that poses a risk to various Apple devices. Apple has released updates for iOS, iPadOS, macOS, tvOS, and Safari to safeguard users against potential exploits.

Given the presence of known exploits, it is crucial for users to promptly update their devices to ensure optimal protection.

About CVE-2024-23222

The Apple zero-day flaw, CVE-2024-23222, is a type confusion vulnerability.

It allows attackers to execute arbitrary code by directing victims to malicious websites. It could lead to severe consequences, such as security restriction bypass, information disclosure, and elevation of privilege. Please note that the flaw doesn’t have a CVSS score yet.

The vulnerability affects a wide array of Apple devices, including:

  • iPhones (iPhone XS and later)
  • iPad Pro (12.9-inch 2nd generation and later)
  • iPad Pro (10.5-inch)
  • iPad Pro (11-inch 1st generation and later)
  • iPad Air (3rd generation and later)
  • iPad (6th generation and later)
  • iPad mini (5th generation and later)
  • Macs running macOS Sonoma, macOS Ventura, and macOS Monterey
  • Apple TV HD and Apple TV 4K (all models)

Apple’s Fixes

Apple has addressed this issue by improving checks and memory handling, and has released a series of updates across various platforms:

| Released software | Available for |
|---|---|
| iOS 17.3 and iPadOS 17.3 | iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later |
| iOS 16.7.5 and iPadOS 16.7.5 | iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, iPad Pro 12.9-inch 1st generation |
| iOS 15.8.1 and iPadOS 15.8.1 | iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), iPod touch (7th generation) |
| macOS Sonoma 14.3 | Macs running macOS Sonoma |
| macOS Ventura 13.6.4 | Macs running macOS Ventura |
| macOS Monterey 12.7.3 | Macs running macOS Monterey |
| tvOS 17.3 | Apple TV HD and Apple TV 4K (all models) |
| Safari 17.3 | Macs running macOS Monterey and macOS Ventura |

Apple acknowledges the potential exploitation of this flaw, emphasising the importance of immediate security updates.
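
One way to check a device inventory against the fixed versions listed in the table above, as an added example (not code from Apple or from this publication). The inventory rows and host names are constructed, and it assumes that comparing versions within the same major branch is enough to decide patch status.

```python
# Added example. Minimum fixed versions per major branch, from the table above.
IOS = {17: (17, 3), 16: (16, 7, 5), 15: (15, 8, 1)}
FIXED = {
    "iOS": IOS,
    "iPadOS": IOS,
    "macOS": {14: (14, 3), 13: (13, 6, 4), 12: (12, 7, 3)},
    "tvOS": {17: (17, 3)},
    "Safari": {17: (17, 3)},
}

def parse_version(text):
    """Turn '16.7.5' into (16, 7, 5); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def status(product, version_text):
    """Return 'patched', 'vulnerable', 'unlisted' or 'unparsed'."""
    try:
        v = parse_version(version_text)
    except ValueError:
        return "unparsed"
    fixed = FIXED.get(product, {}).get(v[0])
    if fixed is None:
        return "unlisted"  # product or major branch not in the table: review by hand
    width = max(len(v), len(fixed))  # pad so that 14.3 and 14.3.0 compare equal
    pad = lambda t: t + (0,) * (width - len(t))
    return "patched" if pad(v) >= pad(fixed) else "vulnerable"

# Constructed sample inventory rows: (hostname, product, installed version).
INVENTORY = [
    ("iphone-014", "iOS", "17.2.1"),
    ("ipad-009", "iPadOS", "15.8"),
    ("mac-101", "macOS", "13.6.3"),
    ("mac-102", "macOS", "14.3.0"),
    ("mac-103", "macOS", "11.7.10"),
    ("atv-01", "tvOS", "17.2"),
]

def triage(rows):
    report = {}
    for host, product, version in rows:
        report.setdefault(status(product, version), []).append(host)
    return report

if __name__ == "__main__":
    for state, hosts in sorted(triage(INVENTORY).items()):
        print(f"{state:10} {', '.join(hosts)}")
```

Devices reported as "unlisted" run a product or major branch for which the table names no fixed release, so they need a manual decision rather than an automatic pass.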

Apple’s Recent Critical Security Updates

This vulnerability is Apple’s first zero-day of 2024. The company previously fixed two zero-days in December, and it also released other critical security updates that month.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.
