First 2024 Zero-Day Addressed: Apple Releases Patch for Critical Security Vulnerability

Apple has addressed its first zero-day vulnerability of 2024, releasing patches for MacOS, iOS, and iPadOS. The identified vulnerability, CVE-2024-23222, involves a type confusion in Webkit, and Apple acknowledges awareness of a potential exploitation of this issue. The company warns that processing maliciously crafted web content could result in arbitrary code execution.

The released fixes cover iPhones and iPads, as well as Macs running macOS Ventura and Monterey. The patch also includes a critical-rated bug in the curl URL retrieval library (CVE-2023-38545), initially disclosed in 2023. This bug, with a CVSS score of 9.8, pertains to a heap-based buffer overflow during the SOCKS5 proxy handshake.

As part of the security roll-up, other fixes have been implemented in various components, including the Apple Neural Engine, accessibility features, core data, finder, ImageIO, the login window, Apple Mail search, and the NSOpenPanel function in AppKit. The update brings several improvements and enhancements to ensure the security and stability of Apple's operating systems.