Apple has released security updates for iOS, iPadOS, macOS, tvOS, and Safari to address a zero-day vulnerability actively exploited in the wild. Tracked as CVE-2024-23222, the flaw is a type confusion bug that could allow threat actors to execute arbitrary code when a device processes malicious web content. Apple’s advisory says the company is aware of the issue being exploited but provides no details about the nature of the attacks or the actors involved. This is the first actively exploited zero-day vulnerability Apple has patched in 2024; the company addressed 20 such vulnerabilities in 2023.
Type confusion bugs are a class of flaws that can lead to out-of-bounds memory access, crashes, or arbitrary code execution. Apple has fixed the issue with improved checks. The updates are available for devices running iOS, iPadOS, macOS, and tvOS, as well as for Safari. Additionally, Apple has backported fixes for CVE-2023-42916 and CVE-2023-42917 to older devices; these patches were initially released in December 2023.
Apple’s response to the actively exploited zero-day underlines the company’s commitment to addressing security vulnerabilities promptly. In 2023, Apple addressed 20 zero-days that were actively exploited in real-world attacks. The security updates aim to protect users from attacks that exploit the identified vulnerabilities. The patches cover a range of Apple products, including iPhones, iPads, Macs, Apple TVs, and Safari browsers running on different macOS versions.