Summary
Apple has released security updates to fix 29 vulnerabilities in its products, including one 0-day vulnerability.
Note: The vendor states that CVE-2024-23222 is being actively exploited in the wild.
Risk
Estimated impact of the vulnerability on the reference community: SERIOUS/RED (77.94/100) [1].
Type
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
- Elevation of Privilege
Affected Products and Versions
Apple
- Safari 17.x, versions prior to 17.3
- iOS 17.0.x, versions prior to 17.3
- iPadOS 17.0.x, versions prior to 17.3
- iOS 16.7.x, versions prior to 16.7.5
- iPadOS 16.7.x, versions prior to 16.7.5
- iOS 15.8.x, versions prior to 15.8.1
- iPadOS 15.8.x, versions prior to 15.8.1
- macOS Sonoma, versions prior to 14.3
- macOS Ventura, versions prior to 13.6.4
- macOS Monterey, versions prior to 12.7.3
- tvOS 17.x, versions prior to 17.3
- watchOS 10.x, versions prior to 10.3
Mitigation Actions
In line with the vendor's statements, apply the patches following the guidance in the security bulletins listed in the References section.
Unique Vulnerability Identifiers
References
https://support.apple.com/en-sg/HT201222
https://support.apple.com/it-it/HT214056
https://support.apple.com/it-it/HT214059
https://support.apple.com/it-it/HT214063
https://support.apple.com/it-it/HT214062
https://support.apple.com/it-it/HT214061
https://support.apple.com/it-it/HT214058
https://support.apple.com/it-it/HT214057
https://support.apple.com/it-it/HT214060
[1] This estimate takes into account several parameters, including: CVSS, the availability of patches/workarounds and of a PoC, and how widespread the affected software/devices are in the reference community.