Inceptus Has Released a New Immediate Threat  

New Immediate Threat Advisory (Date 20240122) – (Apple Multiple Products Type Confusion Vulnerability)  

Advisory Overview    

Labeled as CVE-2024-23222, the already-exploited issue in iOS 17.3 is a vulnerability in WebKit, the
engine that underpins Apple’s Safari browser, that could allow an attacker to execute code. “Apple is
aware of a report that this issue may have been exploited,” the iPhone maker said on its support page.  

What is the Threat?    

Tracked as CVE-2024-23222, this is considered a type confusion vulnerability, in which processing
maliciously crafted web content may enable a threat actor to achieve arbitrary code execution on the
victim’s device.  

Alan Bavosa, vice-president of security products at AppDome, commented on the threat, saying “The
recognised potential attack vectors, encompassing remote code execution, spyware, and kernel
exploits, underscore the severity of this threat in the realm of mobile security as they could allow
attackers to gain total control over iOS devices and compromise any unprotected apps or accounts
running on the device.”  

Why is this Noteworthy?    

This vulnerability could allow an attacker to execute arbitrary code while the victim device processes
maliciously crafted web content.  

What are the Recommendations?    

Apply mitigations per vendor instructions, or discontinue use of the product if mitigations are
unavailable. For more details, see Apple’s security updates.

A software update has been released as of 1/24/2024; update your Apple products if applicable.

References    
https://nvd.nist.gov/vuln/detail/CVE-2024-23222
https://support.apple.com/en-us/HT214055
https://support.apple.com/en-us/HT214056
https://support.apple.com/en-us/HT214057
https://support.apple.com/en-us/HT214058
https://support.apple.com/en-us/HT214059
https://support.apple.com/en-us/HT214061
https://support.apple.com/en-us/HT214063
https://www.computerweekly.com/news/366567513/WebKit-vulnerability-sparks-Apples-first-major-security-update-of-2024

If you have any questions, please contact Inceptus at:  

Inceptus Cybersecurity
(239) 673-8130
soc@inceptussecure.com www.inceptussecure.com #underourprotection


