Apple Issues Patch for Critical Zero-Day in iPhones



On Monday, Apple issued security updates across various platforms, including iOS, iPadOS, macOS, tvOS, and Safari web browser, to address a recently discovered zero-day vulnerability that has been actively exploited. The identified issue, designated as CVE-2024-23222, is categorized as a type confusion bug. Exploitation of this bug could allow a malicious actor to execute arbitrary code by manipulating web content. Apple reported that the flaw has been remedied through enhanced checks.

Type confusion vulnerabilities, like the one addressed in this update, have the potential to be leveraged for out-of-bounds memory access, crashes, and arbitrary code execution.

While Apple acknowledged being “aware of a report that this issue may have been exploited,” specific details regarding the nature of the attacks or the identity of threat actors were not disclosed in the brief advisory.

The security updates are applicable to the following devices and operating systems:

  • iOS 17.3 and iPadOS 17.3 (iPhone XS and later, various iPad models)
  • iOS 16.7.5 and iPadOS 16.7.5 (iPhone 8, iPhone 8 Plus, iPhone X, and specific iPad models)
  • macOS Sonoma 14.3 (Macs running macOS Sonoma)
  • macOS Ventura 13.6.4 (Macs running macOS Ventura)
  • macOS Monterey 12.7.3 (Macs running macOS Monterey)
  • tvOS 17.3 (Apple TV HD and Apple TV 4K, all models)
  • Safari 17.3 (Macs running macOS Monterey and macOS Ventura)


This development marks Apple’s first response to an actively exploited zero-day vulnerability in the current year. In the previous year, Apple addressed a total of 20 zero-days that were actively used in real-world attacks.

Additionally, Apple has retroactively applied fixes for CVE-2023-42916 and CVE-2023-42917, vulnerabilities for which patches were released in December 2023. These fixes have been extended to older devices, including iPhone 6s, iPhone 7, iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).

This announcement comes on the heels of a separate report revealing that Chinese authorities utilized known vulnerabilities in Apple’s AirDrop functionality to aid law enforcement in identifying individuals sending inappropriate content, employing a technique based on rainbow tables.


Other news

TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks

A critical security vulnerability has been identified in the TP-Link Archer C5400X gaming router, potentially allowing remote code execution by sending specially crafted requests.

Read More

New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices

Cybersecurity researchers have discovered a new variant of an emerging botnet called P2PInfect that’s capable of targeting routers and IoT devices.

Read More