Apple issues urgent security updates to fix zero-day flaw — update your iPhone and Mac right now

After Google fixed its first zero-day flaw this year, Apple released security updates to address a serious vulnerability affecting iPhones, Macs, and even Apple TVs.

As reported by BleepingComputer, Cupertino’s first zero-day flaw of 2024 (tracked as CVE-2024-23222) is a WebKit type confusion issue that hackers can exploit to execute arbitrary code on impacted Apple devices. However, this can only occur once an attacker tricks an unsuspecting iPhone or Mac user into opening a malicious site on their device.

In a security advisory on its website, Apple said it “is aware of a report indicating that this factor may have been exploited” by attackers. Surprisingly, the company has yet to attribute the discovery of this new zero-day to any particular security researcher.

Fortunately, Apple has fixed this flaw with improved checks in iOS 16.7.5 and later, iPadOS 16.7.5 and later, macOS Monterey 12.7.3 and higher and in tvOS 17.3 and higher. If you own one of the impacted devices, you need to install these new security updates as soon as possible to avoid falling victim to any attacks exploiting this vulnerability.

As WebKit is Apple’s browser engine that powers Safari, Mail, the App Store, and many other macOS and iOS apps, the list of devices affected by this zero-day is long.

For instance, iPhones from the iPhone XS on are vulnerable, as are the iPad Pro 12.9-inch 2nd generation and later, the iPad Pro 10.5-inch, the iPad Pro 11-inch 1st generation and later, the iPad Air 3rd generation and later, the iPad 6th generation and later, and the iPad mini 5th generation and later. When it comes to MacBooks and other Apple computers, Macs running macOS Monterey and later are impacted too, as are all Apple TV HD and Apple TV 4K models.

Like Apple’s latest zero-days, this one will likely only be used in targeted attacks against high-profile figures such as politicians, journalists, and business owners. However, vulnerabilities like this can also be used against ordinary people, which is why you want to update your Apple devices as soon as possible.

When it comes to protecting your Apple devices, the first and foremost thing you can do is install new updates as soon as they become available. In addition to exciting new features, such as protection from stolen devices, those updates also include vital security fixes.

While Macs come with Apple’s own antivirus software in the form of XProtect, you may also want to run one of the best Mac antivirus software solutions alongside it for extra protection. As for the iPhone, there’s no iOS equivalent to the best Android antivirus apps due to Apple’s own malware scanning restrictions. However, the Intego Mac Premium Bundle X9 and Intego Mac Internet Security X9 can scan an iPhone or iPad for malware when it is connected to a Mac via a USB cable.

Given that Apple is willing to work with security researchers from all sorts of other companies (including Google) to find flaws in its products, this is most likely not the last zero-day vulnerability the company will patch this year. In fact, last year Apple patched a total of 20 zero-day vulnerabilities.

Anthony Spadafora is the security and networking editor at Tom’s Guide, where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your entire home or business with Wi-Fi. Prior to joining the team, he wrote for ITProPortal while living in Korea and then for TechRadar Pro after returning to the United States. Based in Houston, Texas, when he’s not typing, Anthony tinkers with PCs and game consoles, manages cables, and upgrades his smart home.


Tom’s Guide is from Future US Inc, a leading foreign media organization and virtual publisher. Visit our corporate site.
