Security
Headlines
HeadlinesLatestCVEs

Headline

Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now

Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The tech giant said the problem

The Hacker News
#vulnerability#web#ios#mac#apple#auth#zero_day#The Hacker News

Vulnerability / Device Security

Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild.

The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The tech giant said the problem was fixed with improved checks.

Type confusion vulnerabilities, in general, could be weaponized to perform out-of-bounds memory access, or lead to a crash and arbitrary code execution.

Apple, in a terse advisory, acknowledged that it’s “aware of a report that this issue may have been exploited,” but did not share any other specifics about the nature of attacks or the threat actors leveraging the shortcoming.

The updates are available for the following devices and operating systems -

  • iOS 17.3 and iPadOS 17.3 - iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
  • iOS 16.7.5 and iPadOS 16.7.5 - iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
  • macOS Sonoma 14.3 - Macs running macOS Sonoma
  • macOS Ventura 13.6.4 - Macs running macOS Ventura
  • macOS Monterey 12.7.3 - Macs running macOS Monterey
  • tvOS 17.3 - Apple TV HD and Apple TV 4K (all models)
  • Safari 17.3 - Macs running macOS Monterey and macOS Ventura

The development marks the first actively exploited zero-day vulnerability to be patched by Apple this year. Last year, the iPhone maker had addressed 20 zero-days that have been employed in real-world attacks.

In addition, Apple has also backported fixes for CVE-2023-42916 and CVE-2023-42917 – patches for which were released in December 2023 – to older devices -

  • iOS 15.8.1 and iPadOS 15.8.1 - iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

The disclosure also follows a report that Chinese authorities revealed that they have used previously known vulnerabilities in Apple’s AirDrop functionality to help law enforcement to identify senders of inappropriate content, using a technique based on rainbow tables.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related news

Red Hat Security Advisory 2024-9680-03

Red Hat Security Advisory 2024-9680-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-9653-03

Red Hat Security Advisory 2024-9653-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.

Gentoo Linux Security Advisory 202407-13

Gentoo Linux Security Advisory 202407-13 - Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which could lead to arbitrary code execution Versions greater than or equal to 2.44.0:4 are affected.

Apple Shortcuts Vulnerability Exposes Sensitive Data, Update Now!

By Waqas Another day, another Apple Security Vulnerability! This is a post from HackRead.com Read the original post: Apple Shortcuts Vulnerability Exposes Sensitive Data, Update Now!

Debian Security Advisory 5618-1

Debian Linux Security Advisory 5618-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user. Wangtaiyu discovered that processing web content may lead to arbitrary code execution. Apple discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.

Apple Security Advisory 02-02-2024-1

Apple Security Advisory 02-02-2024-1 - visionOS 1.0.2 addresses a code execution vulnerability.

CISA Warns of Active Exploitation of Critical Flaws in Apple iOS and macOS

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a bug in the kernel component. "An attacker with

Apple Security Advisory 01-22-2024-9

Apple Security Advisory 01-22-2024-9 - tvOS 17.3 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-7

Apple Security Advisory 01-22-2024-7 - macOS Monterey 12.7.3 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-6

Apple Security Advisory 01-22-2024-6 - macOS Ventura 13.6.4 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 01-22-2024-5

Apple Security Advisory 01-22-2024-5 - macOS Sonoma 14.3 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 01-22-2024-3

Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-2

Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 01-22-2024-1

Apple Security Advisory 01-22-2024-1 - Safari 17.3 addresses code execution vulnerabilities.

Why is the cost of cyber insurance rising?

Cyber insurance premiums are expected to rise this year after leveling out in 2023.

Update now! Apple releases patch for zero-day vulnerability

Apple has released new security updates for several products including a patch for a zero-day vulnerability which may have been exploited.

Gentoo Linux Security Advisory 202401-04

Gentoo Linux Security Advisory 202401-4 - Several vulnerabilities have been found in WebKitGTK+, the worst of which can lead to remote code execution. Versions greater than or equal to 2.42.3:4 are affected.

Gentoo Linux Security Advisory 202401-04

Gentoo Linux Security Advisory 202401-4 - Several vulnerabilities have been found in WebKitGTK+, the worst of which can lead to remote code execution. Versions greater than or equal to 2.42.3:4 are affected.

Apple Security Advisory 12-11-2023-8

Apple Security Advisory 12-11-2023-8 - watchOS 10.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 11-30-2023-3

Apple Security Advisory 11-30-2023-3 - macOS Sonoma 14.1.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 11-30-2023-3

Apple Security Advisory 11-30-2023-3 - macOS Sonoma 14.1.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 11-30-2023-2

Apple Security Advisory 11-30-2023-2 - iOS 17.1.2 and iPadOS 17.1.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 11-30-2023-2

Apple Security Advisory 11-30-2023-2 - iOS 17.1.2 and iPadOS 17.1.2 addresses code execution and out of bounds read vulnerabilities.

Debian Security Advisory 5575-1

Debian Linux Security Advisory 5575-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine.

Debian Security Advisory 5575-1

Debian Linux Security Advisory 5575-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine.

Ubuntu Security Notice USN-6545-1

Ubuntu Security Notice 6545-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice USN-6545-1

Ubuntu Security Notice 6545-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Red Hat Security Advisory 2023-7716-03

Red Hat Security Advisory 2023-7716-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-7715-03

Red Hat Security Advisory 2023-7715-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

Cybersecurity considerations to have when shopping for holiday gifts

When searching for holiday gifts online, make sure you’re buying from a trusted vendor, or if you haven’t heard of the vendor before, take a few extra minutes just to look them up and read their app’s privacy policy.

Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software. The vulnerabilities, both of which reside in the WebKit web browser engine, are described below - CVE-2023-42916 - An out-of-bounds read issue that could be exploited to

Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software. The vulnerabilities, both of which reside in the WebKit web browser engine, are described below - CVE-2023-42916 - An out-of-bounds read issue that could be exploited to

Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

By Waqas Immediate Action Required: Update Your Apple Devices, Including iPads, MacBooks, and iPhones, NOW! This is a post from HackRead.com Read the original post: Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

By Waqas Immediate Action Required: Update Your Apple Devices, Including iPads, MacBooks, and iPhones, NOW! This is a post from HackRead.com Read the original post: Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

CVE-2023-42917: About the security content of Safari 17.1.2

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

CVE-2023-42917: About the security content of Safari 17.1.2

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.