CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Feb 13, 2024
Description
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
EPSS — Exploit Probability
Higher than 72.9% of all CVEs
Required Action
https://support.apple.com/en-us/HT214055, https://support.apple.com/en-us/HT214056, https://support.apple.com/en-us/HT214057, https://support.apple.com/en-us/HT214058, https://support.apple.com/en-us/HT214059, https://support.apple.com/en-us/HT214061, https://support.apple.com/en-us/HT214063 ; https://nvd.nist.gov/vuln/detail/CVE-2024-23222
Related Articles (5)
Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
Google uncovered Coruna iOS exploit kit with 23 exploits across five chains targeting iPhones running iOS 13–17.2.1.
Mar 4, 2026
Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
Apple backports CVE-2023-43010 WebKit fix after Coruna exploit kit abused iOS flaws, protecting older iPhones and iPads from memory corruption attacks
Mar 12, 2026
Apple Updates Legacy iOS Versions to Patch Coruna Exploits
The company has released iOS and iPadOS versions 16.7.15 and 15.8.7 to patch the vulnerabilities.
Mar 12, 2026
Apple patches older iPhones and iPads against Coruna exploits
Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit.
Mar 12, 2026
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
Apple fixes WebKit CVE-2026-20643 in iOS 26.3.1, macOS 26.3.2 using background patches, reducing exploit risk.
Mar 18, 2026
Risk Assessment
ELEVATEDDetails
- Severity
- High
- EPSS
- 0.7%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 5
Timeline
Published
Jan 23, 2024
Added to KEV
Jan 23, 2024
Remediation Due
Feb 13, 2024