Apple rolls out security patches to address zero-day in iPhones, Macs

 


Apple has released security updates for its iOS, iPadOS, macOS, and tvOS operating systems and the Safari browser to address an actively exploited zero-day vulnerability.

The flaw in question is CVE-2024-23222, a type confusion issue in the WebKit browser engine that occurs when processing HTML content. If exploited, this vulnerability could allow a remote hacker to execute arbitrary code by tricking the victim into visiting a malicious website. The flaw was addressed with improved checks.

The company did not share any details regarding the nature of the exploitation or when it occurred.

The fixes are available in iOS 17.3 and iPadOS 17.3, iOS 16.7.5 and iPadOS 16.7.5, macOS Sonoma 14.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3, tvOS 17.3, and Safari 17.3.

Besides CVE-2024-23222, Apple has fixed several high-severity issues (CVE-2023-38545, CVE-2024-23213, CVE-2024-23214, and CVE-2024-23206) that could be abused for remote code execution.

The iPhone maker has also backported fixes for two WebKit zero-day flaws (CVE-2023-42916 and CVE-2023-42917), patched last November, to older iPhone and iPad models, including iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).
