First published: Mon Jan 22 2024 (Updated: )
A type confusion issue was addressed with improved checks. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited. Reference: https://webkitgtk.org/security/WSA-2024-0001.html
Credit: product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/webkit2gtk | <=2.36.4-1~deb10u1, <=2.38.6-0+deb10u1, <=2.42.2-1~deb11u1, <=2.42.2-1~deb12u1 | 2.42.5-1~deb11u1, 2.42.5-1~deb12u1, 2.42.5-1, 2.44.1-1 |
debian/wpewebkit | <=2.38.6-1~deb11u1, <=2.38.6-1 | 2.42.5-1, 2.44.1-1 |
ubuntu/webkit2gtk | <2.42.5-0ubuntu0.22.04.2 | 2.42.5-0ubuntu0.22.04.2 |
ubuntu/webkit2gtk | <2.42.5-0ubuntu0.23.10.2 | 2.42.5-0ubuntu0.23.10.2 |
ubuntu/webkit2gtk | <2.42.5 | 2.42.5 |
Apple iOS and iPadOS | <16.7.5 | 16.7.5 |
Apple iOS and iPadOS | >=17.0 <17.3 | 17.3 |
Apple macOS | <12.7.3 | 12.7.3 |
Apple macOS Ventura | >=13.0 <13.6.4 | 13.6.4 |
Apple macOS | >=14.0 <14.3 | 14.3 |
Apple Safari | <17.3 | 17.3 |
Apple tvOS | <17.3 | 17.3 |
Apple visionOS | <1.0.2 | 1.0.2 |
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CVE-2024-23222 is rated high severity because a crafted web page is enough to trigger it and successful exploitation yields arbitrary code execution, with no user interaction beyond loading the content.
To address CVE-2024-23222, update to the fixed versions in the table above: iOS/iPadOS 17.3 or 16.7.5, macOS 14.3, 13.6.4 or 12.7.3, Safari 17.3, tvOS 17.3 and visionOS 1.0.2 on Apple platforms, and the listed webkit2gtk and wpewebkit package versions on Debian and Ubuntu. Where no fixed version is listed for a release (the Debian buster rows), consult the distribution's own tracker rather than assuming the release is unaffected.
CVE-2024-23222 affects Apple iOS, iPadOS, macOS, Safari, tvOS and visionOS, as well as the Debian and Ubuntu webkit2gtk and wpewebkit packages, since all of them ship the same WebKit engine.
Apple states it is aware of a report that this issue may have been exploited, so it should be treated as exploited in the wild and patched with priority.
CVE-2024-23222 is a type confusion vulnerability in WebKit's processing of web content; the fix adds the missing type checks, and the effect of triggering it before the fix is arbitrary code execution.
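The Debian and Ubuntu rows above give per-suite fixed versions, and the remediation is simply to update to them. The script below is an added example, not code from the advisory, Apple, Debian or the WebKit project: it turns that table into a check that takes a source package in the table's distro/source naming plus an installed version string (as printed by dpkg-query), picks the fixed version for the matching suite, and compares the two with a re-implementation of dpkg's version ordering so it runs on a host without dpkg. The `FIXED_VERSIONS` keys, the suite-detection regex, the function names and the sample versions are this example's own assumptions; only the version numbers come from the table.

```python
"""Check an installed Debian/Ubuntu webkit2gtk or wpewebkit version against
the fixed versions in the CVE-2024-23222 advisory table.

Added example; not code from the advisory or the WebKit project. Version
numbers come from the table; package keys, suite detection and the dpkg-style
comparison are this example's own.
"""
import re
from typing import Optional, Tuple

# Fixed versions from the table, keyed by (source package, suite tag).
# Suite None is the plain Debian unstable / Ubuntu upstream entry.
# Buster (deb10) rows name no fixed version, so they have no entry here.
FIXED_VERSIONS = {
    ("debian/webkit2gtk", "deb11"): "2.42.5-1~deb11u1",
    ("debian/webkit2gtk", "deb12"): "2.42.5-1~deb12u1",
    ("debian/webkit2gtk", None): "2.42.5-1",
    ("debian/wpewebkit", None): "2.42.5-1",
    ("ubuntu/webkit2gtk", "ubuntu22.04"): "2.42.5-0ubuntu0.22.04.2",
    ("ubuntu/webkit2gtk", "ubuntu23.10"): "2.42.5-0ubuntu0.23.10.2",
    ("ubuntu/webkit2gtk", None): "2.42.5",
}

# Suite tag in the revision: "~deb12u1", "+deb10u1", "0ubuntu0.22.04.2" (assumed forms).
_SUITE_RE = re.compile(r"[~+]deb(\d+)u|ubuntu0\.(\d+\.\d+)")


def _order(ch: str) -> int:
    """dpkg character weight: '~' sorts before everything, even end of
    string (weight 0); letters sort before other symbols."""
    if ch == "~":
        return -1
    if ch.isalpha():
        return ord(ch)
    return ord(ch) + 256


def _cmp_fragment(a: str, b: str) -> int:
    """Compare an upstream or revision fragment the way dpkg does: alternate
    non-digit runs (char weights, end of string = 0) and numeric runs."""
    while a or b:
        na = re.match(r"[^0-9]*", a).group(0)
        nb = re.match(r"[^0-9]*", b).group(0)
        for i in range(max(len(na), len(nb))):
            ca = _order(na[i]) if i < len(na) else 0
            cb = _order(nb[i]) if i < len(nb) else 0
            if ca != cb:
                return -1 if ca < cb else 1
        a, b = a[len(na):], b[len(nb):]
        da = re.match(r"[0-9]*", a).group(0)
        db = re.match(r"[0-9]*", b).group(0)
        ia, ib = int(da or "0"), int(db or "0")
        if ia != ib:
            return -1 if ia < ib else 1
        a, b = a[len(da):], b[len(db):]
    return 0


def _split(version: str) -> Tuple[int, str, str]:
    """Split [epoch:]upstream[-revision] into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(v1: str, v2: str) -> int:
    """Return -1, 0 or 1 in the order `dpkg --compare-versions` would give."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_fragment(u1, u2) or _cmp_fragment(r1, r2)


def suite_of(version: str) -> Optional[str]:
    """Derive the suite tag ("deb12", "ubuntu22.04") from a package version."""
    m = _SUITE_RE.search(version)
    if not m:
        return None
    return f"deb{m.group(1)}" if m.group(1) else f"ubuntu{m.group(2)}"


def assess(package: str, installed: str) -> Tuple[str, Optional[str]]:
    """Classify as "vulnerable", "fixed" or "no-fix-listed" (the table names
    no fix for that suite). Returns (status, fixed_version)."""
    fixed = FIXED_VERSIONS.get((package, suite_of(installed)))
    if fixed is None:
        return "no-fix-listed", None
    status = "vulnerable" if compare_versions(installed, fixed) < 0 else "fixed"
    return status, fixed


if __name__ == "__main__":
    # Constructed sample inventory (not from a real host), in the shape of
    # dpkg-query -W -f '${source:Package} ${Version}\n' prefixed with the distro.
    sample = [
        ("debian/webkit2gtk", "2.42.2-1~deb12u1"),
        ("debian/webkit2gtk", "2.42.5-1~deb12u1"),
        ("debian/webkit2gtk", "2.38.6-0+deb10u1"),
        ("ubuntu/webkit2gtk", "2.42.5-0ubuntu0.22.04.1"),
        ("debian/wpewebkit", "2.38.6-1"),
    ]
    for pkg, ver in sample:
        print(pkg, ver, *assess(pkg, ver))
```

A "no-fix-listed" result (buster, or wpewebkit on bullseye) means the table names no fixed version for that suite; it is a prompt to check the distribution's own security tracker, not a clean bill of health. Where dpkg is present, `dpkg --compare-versions` remains the authoritative ordering; the pure-Python comparison is there so the check can run from an inventory file or a non-Debian workstation.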