CVE-2024-23222

CVE Database · CVE-2024-23222

CVE-2024-23222

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

10.59%

Published

Jan 22, 2024

Modified

Apr 3, 2026

CISA Known Exploited Vulnerability

Added: 2024-01-23 · Due: 2024-02-13

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (4)

All weaponized →

TrickestTrickest PoC index GitHub PoCFuzzySecurity/Cassowary-CVE-2024-23222-x86_64★10 GitHub PoCRohitberiwala/CVE-2024-23222-Coruna-Exploit-Kit-Deobfuscated★5 GitHub PoCMeysamshiralii/coruna_analysis★2

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-843CWE-843

Affected Products (12)

apple · safari (up to 17.3)vulnerable

apple · ipados (up to 15.8.7)vulnerable

apple · ipados (up to 16.7.5)vulnerable

apple · ipados (up to 17.3)vulnerable

apple · iphone_os (up to 15.8.7)vulnerable

apple · iphone_os (up to 16.7.5)vulnerable

apple · iphone_os (up to 17.3)vulnerable