Apple is rolling out the first major software updates of the year across its entire product lineup, patching a wide range of security flaws, including a zero-day vulnerability that criminals are said to be exploiting.
iOS 17.3 is the third major point-update for iDevice users on iOS 17. It delivers an array of new features, as well as fixes for more than a dozen security weaknesses. One such flaw is serious enough to warrant the zero-day warning from Apple:
“Apple is aware of a report that this issue may have been exploited,” according to the advisory.
Tracked as CVE-2024-23222, this WebKit type confusion flaw can be exploited to compromise the target device with a tainted URL.
“Processing maliciously crafted web content may lead to arbitrary code execution,” according to the notice.
In other words, a motivated attacker could theoretically send a malicious link to the victim, then run their code of choice on the now-compromised device, including malware.
As is typically the case with WebKit weaknesses, the issue is being addressed across most Apple products. This includes older-generation iDevices stuck on iOS 16 and the most widely used macOS iterations today – Sonoma, Ventura and Monterey.
Two former zero-days reported by Google's Threat Analysis Group last year are also being backported for iDevices stuck on iOS 15 – the oldest iOS iteration still supported by Apple with security updates.
Apple TV owners are also said to be vulnerable, with tvOS 17.3 addressing the issue on this front. Apple Watch users are unaffected by this zero-day, despite typically exhibiting the same weaknesses when WebKit is declared the culprit. Still, Apple addresses other, less-serious bugs with watchOS 10.3, most of which are also addressed across the entire product lineup.
Earlier this month, the Cupertino tech giant released a firmware update for its proprietary wireless keyboards after a researcher demonstrated he could exploit a flaw to inject keystrokes and perform actions posing as the user.
Considering that threat actors are said to be actively exploiting the WebKit flaw, Bitdefender strongly recommends Apple users update to these new software releases immediately. For peace of mind, it’s recommended that you also always run a dedicated security solution on your devices.
To learn more about the threats targeting iDevices this year, read: What Security Risks Do iPhone Users Face in 2024?