CVE-2024-23222

CVSS 8.8 HIGH

📋 TL;DR

A type confusion vulnerability in Apple's WebKit browser engine allows processing malicious web content to execute arbitrary code. This affects users of iOS, iPadOS, macOS, and tvOS who visit compromised websites. Apple has confirmed this vulnerability may have been actively exploited.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • tvOS
Versions: iOS and iPadOS before 17.3, macOS Sonoma before 14.3, tvOS before 17.3
Operating Systems: iOS, iPadOS, macOS, tvOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable by default. Safari and every other app that renders web content through the system WebKit (in-app browsers, Mail, web views) are exposed as soon as they load attacker-controlled content; no setting has to be changed by the user.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Arbitrary code execution inside the WebKit content process, chained with a sandbox-escape or kernel bug, gives the attacker full control of the device: data theft, surveillance, or ransomware deployment.

🟠 Likely Case

Drive-by compromise: visiting a malicious or compromised website gives the attacker code execution in the renderer, which is then used for malware installation, credential theft, or device takeover.

🟢 If Mitigated

Limited impact: WebKit's per-process sandbox contains a renderer-only compromise, and network filtering plus user awareness reduce the chance that the malicious page is loaded at all.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes (no credentials or user interaction beyond loading a page)
Complexity: LOW

Apple states it is aware of a report that this issue may have been exploited in the wild. Exploitation requires only that the victim load attacker-controlled web content, for example a malicious or compromised website.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 17.3, iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Macs on Monterey or Ventura receive the same WebKit fix through Safari 17.3 rather than an OS update.

Vendor Advisory: https://support.apple.com/en-us/HT214055

Restart Required: Yes

Instructions:

1. iOS, iPadOS, tvOS: open Settings > General > Software Update. macOS: open System Settings > General > Software Update.
2. Download and install the 17.3 / 14.3 (or later) update.
3. Restart the device when prompted; the patched WebKit is not in use until the reboot completes.

🔧 Temporary Workarounds

Disable JavaScript (all platforms)

Turn off JavaScript in Safari (iOS/iPadOS: Settings > Safari > Advanced > JavaScript; macOS: Safari > Settings > Security). This shrinks the reachable WebKit attack surface but breaks most sites and does nothing for other apps that render web content through WebKit (Mail, in-app browsers).

Use Alternative Browser (macOS only)

On macOS, a browser with its own engine (e.g., Firefox) does not go through WebKit. On iOS, iPadOS, and tvOS third-party browsers and in-app web views use the system WebKit, so switching browsers there does not avoid the vulnerable code.

Enable Lockdown Mode (iOS 16+, iPadOS 16+, macOS Ventura+)

Lockdown Mode reduces WebKit's attack surface (including disabling JIT for sites not explicitly excluded) and is Apple's recommended hardening for high-risk users. It lowers exposure but does not replace the update.

🧯 If You Can't Patch

  • Implement network filtering to block known malicious domains and restrict web browsing to trusted sites only.
  • Enable application sandboxing and least privilege access controls to limit potential damage from exploitation.

🔍 How to Verify

Check if Vulnerable:

Check device version in Settings > General > About > Software Version.

Check Version:

On macOS: sw_vers -productVersion (Sonoma must report 14.3 or later). On Monterey or Ventura, check the Safari bundle version instead: defaults read /Applications/Safari.app/Contents/Info.plist CFBundleShortVersionString (must be 17.3 or later). On iOS/iPadOS/tvOS: Settings > General > About > Software Version.

Verify Fix Applied:

Confirm Software Version shows iOS 17.3+, iPadOS 17.3+, macOS Sonoma 14.3+, or tvOS 17.3+ (or Safari 17.3+ on macOS Monterey/Ventura). Compare versions component by component: 14.10 is newer than 14.3 even though it sorts lower as a string.
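The version check above, as an added example in POSIX shell (not Apple tooling and not from this advisory). It compares a dotted version string numerically, component by component, against the fixed releases listed in this page; the Safari 17.3 mapping for macOS Monterey and Ventura is taken from Apple's Safari 17.3 release, which shipped the same WebKit fix. The function and product names are this example's own.

```shell
#!/bin/sh
# Added example: is a reported version at or above the fix for CVE-2024-23222?
# Comparison is purely numeric on dotted-decimal versions (14.10 > 14.3).

# version_ge A B -> exit 0 if A >= B, comparing each dot-separated component.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"            # leading component of each
        [ "$a" = "$ai" ] && a="" || a="${a#*.}"  # drop it (empty when last)
        [ "$b" = "$bi" ] && b="" || b="${b#*.}"
        : "${ai:=0}"; : "${bi:=0}"              # missing component counts as 0
        if [ "$ai" -gt "$bi" ]; then return 0; fi
        if [ "$ai" -lt "$bi" ]; then return 1; fi
    done
    return 0
}

# check_patched PRODUCT VERSION -> prints a verdict; exit 0 only when patched.
# Products: iOS iPadOS tvOS (>= 17.3), macOS Sonoma (>= 14.3), Safari (>= 17.3).
check_patched() {
    product="$1"; ver="$2"
    case "$product" in
        iOS|iPadOS|tvOS|Safari) min="17.3" ;;
        macOS)
            # Monterey (12.x) and Ventura (13.x) never reach 14.3; they get the
            # WebKit fix via Safari 17.3, so the Safari bundle version is what
            # has to be checked there.
            if ! version_ge "$ver" "14"; then
                echo "$product $ver: not Sonoma; check Safari version instead (needs >= 17.3)"
                return 1
            fi
            min="14.3" ;;
        *) echo "unknown product: $product" >&2; return 2 ;;
    esac
    if version_ge "$ver" "$min"; then
        echo "$product $ver: patched (>= $min)"
        return 0
    fi
    echo "$product $ver: VULNERABLE (< $min)"
    return 1
}

# On the Mac being checked (sw_vers and defaults are Apple's own commands):
#   check_patched macOS "$(sw_vers -productVersion)"
#   check_patched Safari "$(defaults read /Applications/Safari.app/Contents/Info.plist CFBundleShortVersionString)"
```

Feed it an inventory export (product, version per device) to get a patched/vulnerable list for a fleet; the exit status makes it usable from a compliance script.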

📡 Detection & Monitoring

Log Indicators:

  • Crashes of the WebKit content process (com.apple.WebKit.WebContent) or Safari, especially repeated crashes shortly after a page load; a failed attempt against a type-confusion bug usually kills the renderer before anything else is visible
  • Network connections from browser or WebContent processes that do not match the pages the user visited
  • Sandbox violations logged for WebContent, or child processes spawned from a browser process (signs of a post-renderer sandbox escape)

Network Indicators:

  • Connections to known exploit domains
  • Unusual outbound traffic patterns from affected devices

SIEM Query (illustrative field names; map them to your collector's schema):

source="apple_system_logs" AND (process="Safari" OR process="com.apple.WebKit.WebContent") AND event="crash"

On macOS the crash reports themselves are written to ~/Library/Logs/DiagnosticReports (one .ips file per crash), so a host without log forwarding can still be triaged from that directory.
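The crash-report indicator above, as an added example in POSIX shell (not Apple tooling and not from this advisory). It counts WebKit content-process crash reports in a DiagnosticReports directory and flags a per-day burst. The file naming it relies on, <process>-<YYYY-MM-DD>-<HHMMSS>.ips, is what macOS 12 and later write; the threshold of three crashes per day is an assumed starting point, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: flag bursts of WebKit renderer crashes on a Mac.
# Renderer crash reports are named com.apple.WebKit.WebContent-<date>-<time>.ips
# in ~/Library/Logs/DiagnosticReports (macOS 12+).

# count_webcontent_crashes DIR [DATE] -> number of WebContent crash reports,
# optionally restricted to one YYYY-MM-DD day.
count_webcontent_crashes() {
    dir="$1"; day="${2:-}"
    n=0
    for f in "$dir"/com.apple.WebKit.WebContent-*.ips; do
        [ -e "$f" ] || continue                          # glob matched nothing
        name="${f##*/}"
        stamp="${name#com.apple.WebKit.WebContent-}"      # YYYY-MM-DD-HHMMSS.ips
        if [ -n "$day" ]; then
            case "$stamp" in
                "$day"-*) ;;                             # report from that day
                *) continue ;;
            esac
        fi
        n=$((n + 1))
    done
    echo "$n"
}

# flag_crash_burst DIR DATE [THRESHOLD] -> exit 0 and print an alert when the
# day's WebContent crash count reaches THRESHOLD (assumed default 3), else 1.
flag_crash_burst() {
    dir="$1"; day="$2"; threshold="${3:-3}"
    n="$(count_webcontent_crashes "$dir" "$day")"
    if [ "$n" -ge "$threshold" ]; then
        echo "ALERT: $n WebContent crashes on $day in $dir (>= $threshold); triage the .ips files"
        return 0
    fi
    return 1
}

# Typical use on the host being checked (per-user report directory):
#   flag_crash_burst "$HOME/Library/Logs/DiagnosticReports" "$(date +%F)"
```

A single WebContent crash is noise (bad sites crash renderers all the time); a cluster on one day, on an unpatched device, is worth pulling the .ips files and the user's browsing history for that window.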

🔗 References

  • Apple security advisory for iOS 17.3 and iPadOS 17.3: https://support.apple.com/en-us/HT214055
