Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now

In response to a zero-day vulnerability that is being actively exploited in the wild, Apple released security updates on Monday for the Safari web browser, iOS, iPadOS, macOS, tvOS, and Linux. The flaw, tracked as CVE-2024-23222, is a type confusion bug that a threat actor could exploit to achieve arbitrary code execution when maliciously crafted web content is processed.

The tech giant said the issue was resolved with improved checks. In general, type confusion vulnerabilities can be weaponized to execute arbitrary code, cause a crash, or perform out-of-bounds memory access.

In a terse advisory, Apple stated that it is “aware of a report that this issue may have been exploited,” but it provided no other information about the nature of the attacks or the threat actors exploiting the vulnerability. The updates are available for the following operating systems and devices:

  1. iOS 17.3 and iPadOS 17.3 - iPhone XS and later; iPad Pro 12.9-inch, 2nd generation and later; iPad Pro 10.5-inch; iPad Pro 11-inch, 1st generation and later; iPad Air 3rd generation and later; iPad 6th generation and later; iPad mini 5th generation and later
  2. iOS 16.7.5 and iPadOS 16.7.5 - iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
  3. macOS Sonoma 14.3 - Macs running macOS Sonoma
  4. macOS Ventura 13.6.4 - Macs running macOS Ventura
  5. macOS Monterey 12.7.3 - Macs running macOS Monterey
  6. tvOS 17.3 - Apple TV HD and Apple TV 4K (all models)
  7. Safari 17.3 - Macs running macOS Ventura and macOS Monterey
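For fleet checks, the fixed versions listed above can be turned into a per-release-train comparison. This is an added example, not Apple tooling or code from the original article; the platform labels, inventory layout and status strings are assumptions, and release trains missing from the list are reported as unlisted rather than guessed.

```python
# Minimum fixed versions for CVE-2024-23222 from the list above, keyed by
# (platform, major version). Platform labels are an assumed inventory convention.
FIXED = {
    ("iOS", 17): (17, 3), ("iPadOS", 17): (17, 3),
    ("iOS", 16): (16, 7, 5), ("iPadOS", 16): (16, 7, 5),
    ("macOS", 14): (14, 3), ("macOS", 13): (13, 6, 4), ("macOS", 12): (12, 7, 3),
    ("tvOS", 17): (17, 3), ("Safari", 17): (17, 3),
}

def parse_version(text):
    """'16.7.5 (build)' -> (16, 7, 5). Numeric tuples, so 17.10 sorts after 17.3."""
    return tuple(int(part) for part in text.split()[0].split("."))

def assess(platform, version):
    """Return 'patched', 'vulnerable', 'unlisted' or 'unparseable'."""
    try:
        found = parse_version(version)
    except (ValueError, IndexError):
        return "unparseable"
    fixed = FIXED.get((platform, found[0]))
    if fixed is None:
        # Release train not in the list above: flag for manual review.
        return "unlisted"
    return "patched" if found >= fixed else "vulnerable"

def audit(inventory):
    """Map each (host, platform, version) row to (host, status)."""
    return [(host, assess(platform, version)) for host, platform, version in inventory]

# Constructed sample inventory (hostnames and reported versions are made up).
SAMPLE = [
    ("phone-01", "iOS", "17.2.1"),
    ("phone-02", "iOS", "17.10"),
    ("tablet-01", "iPadOS", "16.7.5 (build-id)"),
    ("mac-01", "macOS", "13.6.3"),
    ("mac-02", "macOS", "14.3.0"),
    ("phone-03", "iOS", "15.8.1"),
    ("tv-01", "tvOS", "beta"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```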

This is the first actively exploited zero-day vulnerability that Apple has patched this year. The iPhone maker fixed 20 zero-day vulnerabilities that were used in real-world attacks last year. Apple has also backported the fixes for CVE-2023-42916 and CVE-2023-42917, released in December 2023, to older devices:

  • iOS 15.8.1 and iPadOS 15.8.1 - iPhone 6 & 7 (all models), iPhone SE (first generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

The announcement coincides with a report that Chinese authorities have disclosed using a rainbow table-based technique, which leverages previously identified weaknesses in Apple's AirDrop functionality, to help law enforcement identify senders of illicit content.