CVE-2024-23222
high-risk
Published 2024-01-23
A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. This fix, associated with the Coruna exploit, was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version.
Do I need to act?
0.61% chance of exploitation
EPSS score — low exploit probability
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.8/10 · High
NETWORK / LOW complexity
Affected Vendors
References (25)
Release Notes
https://support.apple.com/en-us/118479
Release Notes
https://support.apple.com/en-us/120304
Release Notes
https://support.apple.com/en-us/120305
Release Notes
https://support.apple.com/en-us/120307
Release Notes
https://support.apple.com/en-us/120309
Release Notes
https://support.apple.com/en-us/120310
Release Notes
https://support.apple.com/en-us/120311
Release Notes
https://support.apple.com/en-us/120339
Release Notes
https://support.apple.com/en-us/126632
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Feb/6
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/34
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/40
Release Notes
https://support.apple.com/en-us/HT214055
Release Notes
https://support.apple.com/en-us/HT214059
Release Notes
https://support.apple.com/en-us/HT214061
Release Notes
https://support.apple.com/kb/HT214055
Release Notes
https://support.apple.com/kb/HT214056
Release Notes
https://support.apple.com/kb/HT214057
Release Notes
https://support.apple.com/kb/HT214058
and 5 more references
52 / 100
high-risk
Severity
30/34 · Critical
Exploitability
9/34 · Low
Exposure
13/34 · Low