Apple Critical Zero-day Flaw Exposes iPhones & Macs
Apple has released its first zero-day vulnerability patch of 2024. The flaw affects several Apple products, including tvOS, iOS, iPadOS, macOS, and Safari. The zero-day is tracked as CVE-2024-23222, and its severity has not yet been categorized.
Apple stated that it is aware of reports that this vulnerability has been exploited in the wild and urges all users to patch their Apple products accordingly.
This vulnerability is a type confusion bug, which arises when a resource is accessed through an incompatible type, leading to logical errors. A threat actor can exploit it by crafting malicious web content; processing that content could lead to arbitrary code execution on affected products.
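To make the bug class concrete, here is an added C example (not code from Apple or WebKit, and not the actual CVE-2024-23222 fix) using a constructed tagged-value layout in the style of a JavaScript engine: the unchecked accessor reads a string payload out of a value that is really an integer, so an attacker-chosen integer is reinterpreted as a pointer, while the checked accessor verifies the tag first. All names and values are assumptions.

```c
/* Added example: a minimal tagged value in the style of a JS engine.
 * Constructed for illustration; not WebKit code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum Tag { TAG_INT, TAG_STRING };

typedef struct {
    enum Tag tag;               /* what the payload really is */
    union {
        int64_t i;              /* TAG_INT payload */
        struct {
            const char *data;   /* TAG_STRING payload: pointer... */
            size_t len;         /* ...and length */
        } str;
    } u;
} Value;

/* Vulnerable: trusts the caller and reads the string payload unconditionally.
 * If the Value is really an integer, that integer (which a script controls)
 * is reinterpreted as the string's data pointer: a type confusion. */
static const char *string_data_unchecked(const Value *v) {
    return v->u.str.data;
}

/* Hardened: check the tag before touching the payload; refuse on mismatch. */
static bool string_data_checked(const Value *v, const char **out, size_t *len) {
    if (v->tag != TAG_STRING) {
        return false;           /* wrong type: bail out instead of confusing */
    }
    *out = v->u.str.data;
    *len = v->u.str.len;
    return true;
}

/* Copy a string Value into buf with a NUL terminator.
 * Returns bytes copied, or 0 when the value is refused or does not fit. */
static size_t copy_string_value(const Value *v, char *buf, size_t cap) {
    const char *data;
    size_t len;
    if (!string_data_checked(v, &data, &len) || len >= cap) {
        return 0;
    }
    memcpy(buf, data, len);
    buf[len] = '\0';
    return len;
}
```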
According to Apple's security advisories, the vulnerability lies in the WebKit component and affects a wide range of Apple products, both old and new. Affected products include:
iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
macOS Monterey, macOS Ventura and macOS Sonoma
Apple TV HD and Apple TV 4K (all models)
Apple also published several other security updates that patch additional vulnerabilities across different components and products.
Users of all affected Apple products are advised to install the latest security updates to prevent exploitation of these vulnerabilities by threat actors.