CVE-2024-23222

Опубликовано: 23 янв. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Уязвимость выполнения произвольного кода из-за путаницы типов при обработке специально созданного веб-контента в iOS, iPadOS, macOS и tvOS

Описание

Проблема путаницы типов была устранена путем улучшения проверок. Обработка специально созданного веб-контента могла привести к выполнению произвольного кода. Apple известно о том, что эта проблема может быть эксплуатирована.

Затронутые версии ПО

iOS < 17.3
iPadOS < 17.3
macOS Sonoma < 14.3
tvOS < 17.3

Тип уязвимости

Выполнение произвольного кода

Ссылки

https://support.apple.com/en-us/HT214055
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214059
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214061
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214055
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214056
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214057
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214058
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214059
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214061
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214063
Release Notes
Vendor Advisory
http://seclists.org/fulldisclosure/2024/Feb/6
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/34
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/40
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/
Broken Link
https://support.apple.com/en-us/HT214055
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214059
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214061
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214055
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214056
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214057
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Версия до 16.7.5 (исключая)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Версия от 17.0 (включая) до 17.3 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 16.7.5 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия от 17.0 (включая) до 17.3 (исключая)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия до 12.7.3 (исключая)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия от 13.0 (включая) до 13.6.4 (исключая)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия от 14.0 (включая) до 14.3 (исключая)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Версия до 17.3 (исключая)

cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*

Версия до 1.0.2 (исключая)

EPSS

Процентиль: 44%

0.00216

Низкий

8.8 High

CVSS3

Дефекты

CWE-843

Связанные уязвимости

CVE-2024-23222

CVSS3: 8.8

ubuntu

около 2 лет назад

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.

CVE-2024-23222

CVSS3: 8.8

redhat

около 2 лет назад

CVE-2024-23222

CVSS3: 8.8

debian

около 2 лет назад

A type confusion issue was addressed with improved checks. This issue ...

SUSE-SU-2024:0301-1

suse-cvrf

около 2 лет назад

Security update for webkit2gtk3

GHSA-93px-8x98-j7p2

CVSS3: 8.8

github

около 2 лет назад

A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.

EPSS

Процентиль: 44%

0.00216

Низкий

8.8 High

CVSS3

Дефекты

CWE-843