CVE-2024-23222
In short
A flaw in how Safari processes certain web content allows attackers to confuse the browser about data types, potentially letting them run malicious code on your device. Updating your browser and operating system is essential to stay protected.
Technical detail
Type confusion vulnerability (CWE-843) in WebKit's type checking mechanisms: maliciously crafted web content is processed without proper type validation, which can lead to arbitrary code execution. Exploitation requires user interaction (visiting a malicious website), and the issue affects multiple Apple platforms. The fix is improved type checks, shipped in Safari 17.3 and the corresponding OS updates.
Summary generated and translated by AI from the official description.
A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
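For checking a device inventory against the fixed releases listed in the description above, a branch-aware comparison is needed, because each major branch has its own fixed version. The following is an added example, not part of the original advisory; the inventory rows and host names are constructed, and treating later major releases as patched is an assumption.

```python
# Fixed releases per product and major branch, as listed in the description above.
FIXED = {
    "Safari": {17: (17, 3)},
    "iOS": {15: (15, 8, 7), 16: (16, 7, 5), 17: (17, 3)},
    "iPadOS": {15: (15, 8, 7), 16: (16, 7, 5), 17: (17, 3)},
    "macOS": {12: (12, 7, 3), 13: (13, 6, 4), 14: (14, 3)},
    "tvOS": {17: (17, 3)},
    "visionOS": {1: (1, 0, 2)},
}

def parse(version):
    """'17.3' -> (17, 3, 0); padding makes '17.3' and '17.3.0' compare equal."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def status(product, version):
    """Classify one installed version against the fixed release of its own branch."""
    branches = FIXED.get(product)
    if branches is None:
        return "unknown-product"
    v = parse(version)
    major = v[0]
    if major in branches:
        fixed = branches[major] + (0,) * (3 - len(branches[major]))
        return "patched" if v >= fixed else "vulnerable"
    if major > max(branches):
        return "patched"  # assumption: later major releases carry the fix
    return "no-fix-listed"  # older or skipped branch: no fixed release named above

INVENTORY = [  # constructed sample rows: (host, product, version)
    ("ipad-lab-01", "iPadOS", "15.8.6"),
    ("iphone-042", "iOS", "16.7.5"),
    ("mbp-fin-07", "macOS", "13.6.3"),
    ("mbp-eng-11", "macOS", "14.3"),
    ("iphone-old", "iOS", "14.8.1"),
]

def report(inventory):
    """Map each host to its patch status."""
    return {host: status(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, result in report(INVENTORY).items():
        print(f"{host:12} {result}")
```

Hosts reported as "no-fix-listed" run a branch for which the description names no fixed release, so they need a major-version upgrade or replacement rather than a point update.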
public PoCs found — 2
github: github.com/FuzzySecurity/Cassowary-CVE-2024-23222-x86_64 (★ 10)
github: github.com/Rohitberiwala/CVE-2024-23222-Coruna-Exploit-Kit-Deobfuscated (★ 5)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://seclists.org/fulldisclosure/2024/Feb/6
http://seclists.org/fulldisclosure/2024/Jan/34
http://seclists.org/fulldisclosure/2024/Jan/40
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/
https://support.apple.com/en-us/118479
https://support.apple.com/en-us/120304
https://support.apple.com/en-us/120305
https://support.apple.com/en-us/120307
https://support.apple.com/en-us/120309
https://support.apple.com/en-us/120310
https://support.apple.com/en-us/120311
https://support.apple.com/en-us/120339