CVE-2024-23222: A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS…

high8.8CVSS 3.1

AVNACLPRNUIRSUCHIHAH

KEVITW

CISA Known Exploited Vulnerabilitydue 2024-02-13

Exploited in the wild

A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version.

Affected

28 ranges· showing 25

Vendor	Product	Version range	Fixed in
apple	ios_15.8.7_and_ipados	—	—
apple	ios_16.7.5_and_ipados	—	—
apple	ios_17.3_and_ipados	—	—
apple	ios_and_ipados	< 15.8.7	15.8.7
apple	ios_and_ipados	< 16.7.5	16.7.5
apple	ios_and_ipados	< 17.3	17.3
apple	ipados	< 15.8.7	15.8.7
apple	ipados	>= 16.0 < 16.7.5	16.7.5
apple	ipados	>= 17.0 < 17.3	17.3
apple	iphone_os	< 15.8.7	15.8.7
apple	iphone_os	>= 16.0 < 16.7.5	16.7.5
apple	iphone_os	>= 17.0 < 17.3	17.3
apple	macos	< 12.7.3	12.7.3
apple	macos	< 13.6.4	13.6.4
apple	macos	< 14.3	14.3
apple	macos	>= 12.0 < 12.7.3	12.7.3
apple	macos	>= 13.0 < 13.6.4	13.6.4
apple	macos	>= 14.0 < 14.3	14.3
apple	macos_monterey	—	—
apple	macos_sonoma	—	—
apple	macos_ventura	—	—
apple	safari	< 17.3	17.3
apple	safari	—	—
apple	tvos	< 17.3	17.3
apple	tvos	—	—

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

osv8.8HIGH

vulncheck8.8HIGH

cisa8.8HIGH