CVE-2024-23222

HIGH KEV

Apple tvOS < 17.3 - Type Confusion

Title source: rule

Description

A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version.

Exploits (3)

nomisec SUSPICIOUS
by Meysamshiralii · poc
https://github.com/Meysamshiralii/coruna_analysis

nomisec WRITEUP
by FuzzySecurity · poc
https://github.com/FuzzySecurity/Cassowary-CVE-2024-23222-x86_64

nomisec WRITEUP
by Rohitberiwala · poc
https://github.com/Rohitberiwala/CVE-2024-23222-Coruna-Exploit-Kit-Deobfuscated

Scores

CVSS v3 8.8
EPSS 0.0056
EPSS Percentile 68.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-01-23
VulnCheck KEV 2024-01-22
InTheWild.io 2024-01-22
ENISA EUVD EUVD-2024-20741
CWE CWE-843
Status published
Products (15)
Apple/iOS and iPadOS < 15.8.7
Apple/iOS and iPadOS < 16.7.5
Apple/iOS and iPadOS < 17.3
apple/ipados < 16.7.5
apple/iphone_os < 16.7.5
apple/macos < 12.7.3
Apple/macOS < 12.7.3
Apple/macOS < 13.6.4
Apple/macOS < 14.3
Apple/Safari < 17.3
... and 5 more
Published Jan 23, 2024
KEV Added Jan 23, 2024
Tracked Since Feb 18, 2026