On Monday, Apple released the latest round of updates to iOS, iPadOS, macOS, watchOS, and tvOS, which include a few new features, a smattering of bug fixes, and some pretty important security patches. Among them is a patch for a vulnerability that may have been exploited in the wild—in other words, you should rush to patch it.
The zero-day is the first Apple has fixed this year. It affects the following models: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later, as well as Macs running Sonoma, Ventura, and Monterey, and all Apple TV models. It was discovered as part of the WebKit Bugzilla program.
WebKit CVE-2024-23222
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
- Description: A type confusion issue was addressed with improved checks.
- WebKit Bugzilla: 267134
The updates also include a strange Time Zone patch that may allow an app to view a user’s phone number in system logs, as well as about a dozen other patches for Apple Neural Engine, Kernel, Safari, Finder, and Shortcuts, and several other system featrues.
Additionally, Apple released iOS 16.7.5 and iOS 15.8.1 to address a pair of zero-day WebKit flaws that were previously patched in iOS 17.1.2 last year.