{"api_version":"1","generated_at":"2026-04-22T16:07:20+00:00","cve":"CVE-2024-23222","urls":{"html":"https://cve.report/CVE-2024-23222","api":"https://cve.report/api/cve/CVE-2024-23222.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-23222","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-23222"},"summary":{"title":"CVE-2024-23222","description":"A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version.","state":"PUBLISHED","assigner":"apple","published_at":"2024-01-23 01:15:11","updated_at":"2026-04-03 11:42:31"},"problem_types":["CWE-843","Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version.","CWE-843 CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://support.apple.com/en-us/118479","name":"https://support.apple.com/en-us/118479","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2024/Feb/6","name":"http://seclists.org/fulldisclosure/2024/Feb/6","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Full Disclosure: APPLE-SA-02-02-2024-1 visionOS 1.0.2","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/34","name":"http://seclists.org/fulldisclosure/2024/Jan/34","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/40","name":"http://seclists.org/fulldisclosure/2024/Jan/40","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Full Disclosure: APPLE-SA-01-22-2024-9 tvOS 17.3","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/en-us/HT214055","name":"https://support.apple.com/en-us/HT214055","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/120310","name":"https://support.apple.com/en-us/120310","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214057","name":"https://support.apple.com/kb/HT214057","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/120304","name":"https://support.apple.com/en-us/120304","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/120309","name":"https://support.apple.com/en-us/120309","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214055","name":"https://support.apple.com/kb/HT214055","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214058","name":"https://support.apple.com/kb/HT214058","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214059","name":"https://support.apple.com/kb/HT214059","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/126632","name":"https://support.apple.com/en-us/126632","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/120305","name":"https://support.apple.com/en-us/120305","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214061","name":"https://support.apple.com/kb/HT214061","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214056","name":"https://support.apple.com/kb/HT214056","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23222","name":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23222","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/120311","name":"https://support.apple.com/en-us/120311","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214070","name":"https://support.apple.com/kb/HT214070","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214063","name":"https://support.apple.com/kb/HT214063","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/120307","name":"https://support.apple.com/en-us/120307","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/HT214061","name":"https://support.apple.com/en-us/HT214061","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/120339","name":"https://support.apple.com/en-us/120339","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/HT214059","name":"https://support.apple.com/en-us/HT214059","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/27","name":":http://seclists.org/fulldisclosure/2024/Jan/27","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/33","name":":http://seclists.org/fulldisclosure/2024/Jan/33","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/36","name":":http://seclists.org/fulldisclosure/2024/Jan/36","refsource":"MITRE","tags":[],"title":"Full Disclosure: APPLE-SA-01-22-2024-5 macOS Sonoma 14.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/37","name":":http://seclists.org/fulldisclosure/2024/Jan/37","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/38","name":":http://seclists.org/fulldisclosure/2024/Jan/38","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2024/02/05/8","name":":http://www.openwall.com/lists/oss-security/2024/02/05/8","refsource":"MITRE","tags":[],"title":"oss-security - WebKitGTK and WPE WebKit Security Advisory WSA-2024-0001","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/en-us/HT214056","name":":https://support.apple.com/en-us/HT214056","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT214057","name":":https://support.apple.com/en-us/HT214057","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT214058","name":":https://support.apple.com/en-us/HT214058","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT214063","name":":https://support.apple.com/en-us/HT214063","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-23222","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23222","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Apple","product":"Safari","version":"affected 17.3 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"iOS and iPadOS","version":"affected 15.8.7 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"iOS and iPadOS","version":"affected 16.7.5 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"iOS and iPadOS","version":"affected 17.3 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"macOS","version":"affected 12.7.3 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"macOS","version":"affected 13.6.4 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"macOS","version":"affected 14.3 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"tvOS","version":"affected 17.3 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"visionOS","version":"affected 1.0.2 custom","platforms":[]}],"timeline":[{"source":"ADP","time":"2024-01-23T00:00:00.000Z","lang":"en","value":"CVE-2024-23222 added to CISA KEV"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2024","cve_id":"23222","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"23222","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"safari","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2024","cve_id":"23222","cve":"CVE-2024-23222","vendorProject":"Apple","product":"Multiple Products","vulnerabilityName":"Apple Multiple Products WebKit Type Confusion Vulnerability","dateAdded":"2024-01-23","shortDescription":"Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","dueDate":"2024-02-13","knownRansomwareCampaignUse":"Unknown","notes":"https://support.apple.com/en-us/HT214055,  https://support.apple.com/en-us/HT214056, https://support.apple.com/en-us/HT214057, https://support.apple.com/en-us/HT214058, https://support.apple.com/en-us/HT214059, https://support.apple.com/en-us/HT214061, https://support.apple.com/en-us/HT214063 ;  https://nvd.nist.gov/vuln/detail/CVE-2024-23222","cwes":"CWE-843","catalogVersion":"2026.04.21","updated_at":"2026-04-21 13:32:18"},"epss":{"cve_year":"2024","cve_id":"23222","cve":"CVE-2024-23222","epss":"0.008490000","percentile":"0.748950000","score_date":"2026-04-21","updated_at":"2026-04-22 00:07:42"},"legacy_qids":[{"cve":"CVE-2024-23222","qid":"200105","title":"Ubuntu Security Notification for WebKitGTK Vulnerabilities (USN-6631-1)"},{"cve":"CVE-2024-23222","qid":"284906","title":"Fedora Security Update for webkitgtk (FEDORA-2024-ca3f071aea)"},{"cve":"CVE-2024-23222","qid":"284994","title":"Fedora Security Update for webkitgtk (FEDORA-2024-97faaca23d)"},{"cve":"CVE-2024-23222","qid":"357104","title":"Amazon Linux Security Advisory for webkitgtk4 : ALAS2-2024-2434"},{"cve":"CVE-2024-23222","qid":"379297","title":"Apple Safari Multiple Vulnerabilities (HT214056)"},{"cve":"CVE-2024-23222","qid":"379298","title":"Apple macOS Ventura 13.6.4 Not Installed (HT214058)"},{"cve":"CVE-2024-23222","qid":"379299","title":"Apple macOS Sonoma 14.3 Not Installed (HT214061)"},{"cve":"CVE-2024-23222","qid":"379300","title":"Apple macOS Monterey 12.7.3 Not Installed (HT214057)"},{"cve":"CVE-2024-23222","qid":"6000472","title":"Debian Security Update for webkit2gtk (DSA 5618-1)"},{"cve":"CVE-2024-23222","qid":"610538","title":"Apple iOS 17.3 and iPadOS 17.3 Security Update Missing (HT214059)"},{"cve":"CVE-2024-23222","qid":"610539","title":"Apple iOS 16.7.5 and iPadOS 16.7.5 Security Update Missing (HT214063)"},{"cve":"CVE-2024-23222","qid":"755687","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2024:0301-1)"},{"cve":"CVE-2024-23222","qid":"755770","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2024:0519-1)"},{"cve":"CVE-2024-23222","qid":"755789","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2024:0545-1)"},{"cve":"CVE-2024-23222","qid":"755802","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2024:0548-1)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2025-11-04T18:24:33.934Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://support.apple.com/en-us/HT214059"},{"tags":["x_transferred"],"url":"https://support.apple.com/en-us/HT214055"},{"tags":["x_transferred"],"url":"https://support.apple.com/en-us/HT214061"},{"tags":["x_transferred"],"url":"https://support.apple.com/kb/HT214063"},{"tags":["x_transferred"],"url":"https://support.apple.com/kb/HT214059"},{"tags":["x_transferred"],"url":"https://support.apple.com/kb/HT214057"},{"tags":["x_transferred"],"url":"https://support.apple.com/kb/HT214058"},{"tags":["x_transferred"],"url":"https://support.apple.com/kb/HT214061"},{"tags":["x_transferred"],"url":"https://support.apple.com/kb/HT214055"},{"tags":["x_transferred"],"url":"https://support.apple.com/kb/HT214056"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/"},{"url":"http://seclists.org/fulldisclosure/2024/Feb/6"},{"url":"https://support.apple.com/kb/HT214070"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/40"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/34"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2024-23222","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2024-02-01T05:00:05.997000Z","version":"2.0.3"},"type":"ssvc"}},{"other":{"content":{"dateAdded":"2024-01-23","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23222"},"type":"kev"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-843","description":"CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-10-21T23:05:27.216Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["government-resource"],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23222"}],"timeline":[{"lang":"en","time":"2024-01-23T00:00:00.000Z","value":"CVE-2024-23222 added to CISA KEV"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"Safari","vendor":"Apple","versions":[{"lessThan":"17.3","status":"affected","version":"0","versionType":"custom"}]},{"product":"iOS and iPadOS","vendor":"Apple","versions":[{"lessThan":"15.8.7","status":"affected","version":"0","versionType":"custom"},{"lessThan":"16.7.5","status":"affected","version":"0","versionType":"custom"},{"lessThan":"17.3","status":"affected","version":"0","versionType":"custom"}]},{"product":"macOS","vendor":"Apple","versions":[{"lessThan":"12.7.3","status":"affected","version":"0","versionType":"custom"},{"lessThan":"13.6.4","status":"affected","version":"0","versionType":"custom"},{"lessThan":"14.3","status":"affected","version":"0","versionType":"custom"}]},{"product":"tvOS","vendor":"Apple","versions":[{"lessThan":"17.3","status":"affected","version":"0","versionType":"custom"}]},{"product":"visionOS","vendor":"Apple","versions":[{"lessThan":"1.0.2","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version."}],"problemTypes":[{"descriptions":[{"description":"Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version.","lang":"en"}]}],"providerMetadata":{"dateUpdated":"2026-04-02T18:26:21.625Z","orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple"},"references":[{"url":"https://support.apple.com/en-us/118479"},{"url":"https://support.apple.com/en-us/120304"},{"url":"https://support.apple.com/en-us/120305"},{"url":"https://support.apple.com/en-us/120307"},{"url":"https://support.apple.com/en-us/120309"},{"url":"https://support.apple.com/en-us/120310"},{"url":"https://support.apple.com/en-us/120311"},{"url":"https://support.apple.com/en-us/120339"},{"url":"https://support.apple.com/en-us/126632"}]}},"cveMetadata":{"assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","assignerShortName":"apple","cveId":"CVE-2024-23222","datePublished":"2024-01-23T00:25:37.095Z","dateReserved":"2024-01-12T22:22:21.478Z","dateUpdated":"2026-04-02T18:26:21.625Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-01-23 01:15:11","lastModifiedDate":"2026-04-03 11:42:31","problem_types":["CWE-843","Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version.","CWE-843 CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"17.3","matchCriteriaId":"3D6F41D4-58ED-4E0B-90B4-3EDDB7CEA240"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"15.8.7","matchCriteriaId":"1E574928-4E49-45B0-AE6E-DF4D38897F67"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0","versionEndExcluding":"16.7.5","matchCriteriaId":"6C754C13-F742-4697-8E03-277B0D762C61"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionStartIncluding":"17.0","versionEndExcluding":"17.3","matchCriteriaId":"7DFDDBEC-015C-4AC6-A2B8-387839CEDCCE"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"15.8.7","matchCriteriaId":"D1E9DC1A-618A-4CAF-96C7-EC5BA2C1F617"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0","versionEndExcluding":"16.7.5","matchCriteriaId":"51A161C8-A96D-48C5-8E8E-180DFF5A6F48"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionStartIncluding":"17.0","versionEndExcluding":"17.3","matchCriteriaId":"FD699999-B0F0-41D0-AE33-E7E4AA3C0F90"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0","versionEndExcluding":"12.7.3","matchCriteriaId":"ECD0F581-7DA4-428A-A1F5-C9A86DDD99D7"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0","versionEndExcluding":"13.6.4","matchCriteriaId":"A3916CD8-E6D5-4786-903E-B86026859CE6"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.3","matchCriteriaId":"79ADFEBE-99EE-4F01-9AE8-489EB41885D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"17.3","matchCriteriaId":"921307BF-8419-42C7-9B2C-8DD643723E38"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.2","matchCriteriaId":"192B29EB-3DC2-48B9-BA87-50033A2CFF01"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"23222","Ordinal":"1","Title":"CVE-2024-23222","CVE":"CVE-2024-23222","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"23222","Ordinal":"1","NoteData":"A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version.","Type":"Description","Title":"CVE-2024-23222"}]}}}