Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2024-23222

Published: 23/01/2024 Updated: 08/03/2024
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Apple

Vulnerability Summary

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple macos

apple iphone os

apple ipados

apple tvos

apple safari

apple visionos

Vendor Advisories

Amazon Linux 2: ALAS-2024-2434
A type confusion issue was addressed with improved checks This issue is fixed in tvOS 173, iOS 173 and iPadOS 173, macOS Sonoma 143, iOS 1675 and iPadOS 1675, Safari 173, macOS Ventura 1364, macOS Monterey 1273 Processing maliciously crafted web content may lead to arbitrary code execution Apple is aware of a report that this issue ...
Red Hat:
Description<!---->A flaw was found in WebKitGTK Processing malicious web content may lead to remote code execution due to a type confusion issue This vulnerability is known to be actively exploited in the wild and was included in the CISA's KEV catalogA flaw was found in WebKitGTK Processing malicious web content may lead to remote code executi ...
Apple: visionOS 1.0.2
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the&nbsp;Apple security releases page Apple security documents reference vulnerabilities by&nbsp;CVE-ID&nbsp;whe ...
Apple: tvOS 17.3
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the&nbsp;Apple security releases page Apple security documents reference vulnerabilities by&nbsp;CVE-ID&nbsp;whe ...
Apple: macOS Sonoma 14.3
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the&nbsp;Apple security releases page Apple security documents reference vulnerabilities by&nbsp;CVE-ID&nbsp;whe ...
Apple: macOS Ventura 13.6.4
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the&nbsp;Apple security releases page Apple security documents reference vulnerabilities by&nbsp;CVE-ID&nbsp;whe ...
Apple: iOS 16.7.5 and iPadOS 16.7.5
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the&nbsp;Apple security releases page Apple security documents reference vulnerabilities by&nbsp;CVE-ID&nbsp;whe ...
Apple: Safari 17.3
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the&nbsp;Apple security releases page Apple security documents reference vulnerabilities by&nbsp;CVE-ID&nbsp;whe ...
Apple: iOS 17.3 and iPadOS 17.3
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the&nbsp;Apple security releases page Apple security documents reference vulnerabilities by&nbsp;CVE-ID&nbsp;whe ...
Apple: macOS Monterey 12.7.3
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the&nbsp;Apple security releases page Apple security documents reference vulnerabilities by&nbsp;CVE-ID&nbsp;whe ...

Mailing Lists

Full Disclosure: WebKitGTK and WPE WebKit Security Advisory WSA-2024-0001
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> WebKitGTK and WPE WebKit Security Advisory WSA-2024-0001 <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Adrian P ...
Full Disclosure: APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-01-22-2024-2 iOS 173 and iPadOS 173 <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Apple Prod ...
Full Disclosure: APPLE-SA-01-22-2024-1 Safari 17.3
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-01-22-2024-1 Safari 173 <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Apple Product Security ...

Recent Articles

Apple backports fix for RTKit iOS zero-day to older iPhones
BleepingComputer • Sergiu Gatlan • 13 May 2024

Apple backports fix for RTKit iOS zero-day to older iPhones By Sergiu Gatlan May 13, 2024 05:47 PM 0 Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. In security advisories published today, Apple once again said they're aware of reports that this vulnerability "may have been actively exploited." The flaw is a memory corruption issue in Apple's RTKit real-time operating system that enables attackers w...

Read more...
Apple backports fix for zero-day exploited in attacks to older iPhones
BleepingComputer • Sergiu Gatlan • 13 May 2024

Apple backports fix for zero-day exploited in attacks to older iPhones By Sergiu Gatlan May 13, 2024 05:47 PM 0 Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS zero-day tagged as exploited in attacks. In security advisories published today, Apple once again said they're aware of reports that this vulnerability "may have been actively exploited." The flaw is a memory corruption issue in Apple's RTKit real-time operating system that enables attacke...

Read more...

References

CWE-843https://support.apple.com/en-us/HT214059https://support.apple.com/en-us/HT214055https://support.apple.com/en-us/HT214061https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2024-2434.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671unauthorizedCVE-2024-4776CVE-2024-3407CVE-2024-26026CVE-2024-32888wirelessCVE-2024-4656template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook