Critical Zero-Day Patch Released for Apple Devices

Apple has released a critical Zero-Day Patch for iPhones and Macs to fix vulnerabilities actively exploited in the wild. Users are urged to update immediately for enhanced protection. Apple has fixed a number of other zero-day flaws overall in the past few months.

WebKit has been a common target for threat actors, and many previously exploited vulnerabilities have been reported in this component. WebKit is the web browser engine developed by Apple and used by many other apps on macOS and iOS.

Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and the Safari web browser to fix an actively exploited zero-day vulnerability. The fixed releases are tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, and macOS Monterey 12.7.3.

The Apple patch updates address zero-day vulnerabilities targeting iPhones, iPads, Macs, and the Safari web browser. The Rapid Security Response updates fix an actively exploited flaw in the WebKit web browser engine, tracked as CVE-2024-23222.

The best protection is always to keep Apple devices updated with the latest patches. IT admins who manage devices with Intune can also force critical macOS and iOS patches and enable a compliance policy to ensure all devices are compliant and secured against remote attackers. More about Force Safari Patch Updates On MacOS.

Apple Zero-Day Patch Update Fix Vulnerabilities

Rapid Security Responses are a new type of software release for iPhone, iPad, and Mac. Apple is aware of a report that this issue may have been exploited. The Rapid Security Responses (RSR) were released to mitigate some security issues more quickly, such as issues that might have been exploited or reported to exist “in the wild.”

Critical Zero-Day Patch Released for Apple Devices Fig.1

Apple is aware of a report that this issue may have been exploited. The issue tracked as CVE-2024-23222 is a type confusion issue in the WebKit browser engine that was addressed with improved checks. Processing maliciously crafted web content may lead to arbitrary code execution.

| Platform | Impact | Description | CVE-ID |
| --- | --- | --- | --- |
| tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3 | Processing maliciously crafted web content may lead to arbitrary code execution | A type confusion issue was addressed with improved checks. | CVE-2024-23222 |
Table 1 – Critical Zero-Day Patch Released for Apple Devices | CVE-2024-23222
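
As an added example (not from Apple or the original article), the fixed versions in Table 1 can be turned into a compliance check over a device inventory export. The CSV column names and device rows are constructed for illustration, and treating a later major release as patched is an assumption; branches that Table 1 does not name are reported as having no listed fix.

```python
import csv
import io

# Fixed versions per platform and major branch, from Table 1 on this page.
FIXED = {
    "macOS": {14: (14, 3, 0), 13: (13, 6, 4), 12: (12, 7, 3)},
    "iOS": {17: (17, 3, 0), 16: (16, 7, 5)},
    "iPadOS": {17: (17, 3, 0), 16: (16, 7, 5)},
    "tvOS": {17: (17, 3, 0)},
    "Safari": {17: (17, 3, 0)},
}

# Constructed inventory export; the column names are hypothetical.
SAMPLE = """device,platform,os_version
mac-001,macOS,14.3
mac-002,macOS,13.6.3
mac-003,macOS,11.7.10
iph-001,iOS,17.2.1
ipd-001,iPadOS,16.7.5
iph-002,iOS,n/a
"""

def parse_version(text):
    """Turn '13.6.4' into (13, 6, 4), padded to three parts for comparison."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))

def status(platform, version_text):
    """Return 'patched', 'vulnerable', 'no_fix_listed' or 'unknown'."""
    branches = FIXED.get(platform)
    if branches is None:
        return "unknown"
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"
    if version[0] > max(branches):
        return "patched"  # assumption: later major releases include the fix
    if version[0] not in branches:
        return "no_fix_listed"  # Table 1 names no fixed build for this branch
    return "patched" if version >= branches[version[0]] else "vulnerable"

def audit(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["device"]: status(r["platform"], r["os_version"]) for r in rows}
```

Devices reported as "vulnerable" or "no_fix_listed" are the ones to prioritise for a forced update or a compliance block.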

Apple released the Rapid Security Response updates for iOS, iPadOS, macOS, and the Safari web browser to address the zero-day, specifically in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, and macOS Monterey 12.7.3.

| Name and information link | Available for | Release date |
| --- | --- | --- |
| Safari 17.3 | macOS Monterey and macOS Ventura | 22 Jan 2024 |
| iOS 17.3 and iPadOS 17.3 | iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later | 22 Jan 2024 |
| iOS 16.7.5 and iPadOS 16.7.5 | iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation | 22 Jan 2024 |
| iOS 15.8.1 and iPadOS 15.8.1 | iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) | 22 Jan 2024 |
| macOS Sonoma 14.3 | macOS Sonoma | 22 Jan 2024 |
| macOS Ventura 13.6.4 | macOS Ventura | 22 Jan 2024 |
| macOS Monterey 12.7.3 | macOS Monterey | 22 Jan 2024 |
| watchOS 10.3 | Apple Watch Series 4 and later | 22 Jan 2024 |
| tvOS 17.3 | Apple TV HD and Apple TV 4K (all models) | 22 Jan 2024 |
Table 2 – Critical Zero-Day Patch Released for Apple Devices | CVE-2024-23222

Important to Keep Apple Devices Up to Date

To download macOS software updates, choose Apple menu > System Settings, click General in the sidebar (you may need to scroll down), then click Software Update on the right to get the zero-day patch.

After you click Update Now, a window appears with information about the updates available for your Mac, including version and size details. Click the Install Now button to start installing the updates.

Note – New Rapid Security Responses are delivered only for the latest versions of iOS, iPadOS, and macOS, starting with iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1.

By default, your device automatically applies Rapid Security Responses. If necessary, you will be prompted to restart your device. To check your device settings, follow the steps below.

If you want to enable automatic updates for your device, click the Automatic Updates (i) button to see the available options, then make sure that “Install Security Responses and system files” is turned on. Here you can set the following automatic update options:

  • Check for updates
  • Download new updates when available
  • Install macOS updates
  • Install application updates from the App Store
  • Install Security Response and system files
MacOS Update – Critical Zero-Day Patch Released for Apple Devices | CVE-2024-23222 Fig.2

Do you have supervised iOS devices managed through Intune? If so, you may be aware that iOS software updates are force-installed on supervised iOS devices. Intune has a policy to prevent or delay these forced updates: How To Schedule IOS Automatic Updates Using Intune Policies.

Manage macOS Software Updates using Intune

The Intune policy for macOS software updates allows you to remotely manage how downloads, installations, and notifications should occur when updates are available for macOS. You can manage macOS Updates Using Intune Policy.

You can check the software update status for macOS devices to help you monitor and troubleshoot issues with software update installation on macOS. Here’s how to get the detailed status specific to a device in Intune: Monitor MacOS Update Installation Status.

Once you click on the update, you will get a detailed report of the updates. For example, the device is installing the macOS Security Response zero-day patch. The update status, update category, version, and last updated values are displayed here.

MacOS Update – Critical Zero-Day Patch Released for Apple Devices | CVE-2024-23222 Fig.3

Author

About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT industry. He writes and shares his experiences related to Microsoft device management technologies and IT infrastructure management. His primary focus is Windows 10/11 deployment solutions with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.