⚠ Actively exploited
Added to CISA KEV on 2024-01-23. Federal agencies required to patch by 2024-02-13. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..
CVE-2024-23222 — Type Confusion in Apple IOS AND Ipados
Severity
8.8HIGHNVD
EPSS
0.6%
top 30.26%
CISA KEV
KEV
Added 2024-01-23
Due 2024-02-13
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedJan 23
KEV addedJan 23
KEV dueFeb 13
Latest updateMar 11
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9