Zero-Click Apple Shortcuts Vulnerability - 20240223002¶
Overview¶
Apple iOS released a number of vulnerabilities that could potentially execute arbitrary code on Apple products. Apple was made aware of a report indicating potential exploitation of this vulnerability.
What is vulnerable?¶
| Product(s) Affected | CVE | Severity | CVSS | Exploit exists |
|---|---|---|---|---|
| versions before tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3, visionOS 1.0.2 |
CVE-2024-23222 | High | 8.8 | Yes |
| versions before macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3 |
CVE-2024-23204 | High | 7.5 | No |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):