Apple fixes urgent zero-day flaw with iOS 17.3 — update your iPhone right now

iPhone 15 Pro Max shown in hand
(Image credit: Tom's Guide)

After Google patched its first zero-day flaw this year, Apple has now released security updates to address a serious  vulnerability that impacts iPhones, Macs and even Apple TVs.

As reported by BleepingComputer, Cupertino’s first zero-day flaw of 2024 (tracked as CVE-2024-23222) is a WebKit confusion issue that can be exploited by hackers to execute arbitrary code on impacted Apple devices. This can only occur once an attacker tricks unsuspecting iPhone or Mac users into opening a malicious site on their devices though.

In a security notice on its site, Apple explains that it is “aware of a report that this issue may have been exploited” by attackers. Surprisingly though, the company has not attributed the discovery of this new zero-day to a particular security researcher yet.

Fortunately, Apple has fixed this flaw with improved checks in iOS 16.7.5 and later, iPadOS 16.7.5 and later, macOS Monterey 12.7.3 and higher and in tvOS 17.3 and higher. If you own one of the impacted devices, you need to install these new security updates as soon as possible to avoid falling victim to any attacks exploiting this vulnerability.

Impacted Apple devices

MacBook Air M2 2022

(Image credit: Tom's Guide)

As WebKit is Apple’s own browser engine that powers Safari, Mail, the App Store and many other macOS and iOS apps, the list of devices impacted by this zero-day is quite extensive.

For instance, the best iPhones from the iPhone XS on are vulnerable as is the iPad Pro 12.9-inch 2nd generation and later, the iPad Pro 10.5 inch, the iPad Pro 11-inch 1st generation and later, the iPad Air 3rd generation and later, the iPad 6th generation and later and the iPad mini 5th generation and later. When it comes to the best MacBooks and other Apple computers, Macs running macOS Monterey and later are impacted too as are all Apple TV HD and Apple TV 4K models.

Just like with previous Apple zero-days, this one will likely only be used in targeted attacks against high-profile individuals like politicians, journalists and business owners. Still though, vulnerabilities like this one could be used against ordinary people which is why you should update your Apple devices as soon as possible.

How to keep your iPhone and Mac safe from hackers

A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.

(Image credit: robert coolen/Shutterstock)

When it comes to keeping your Apple devices protected, the first and most important thing you can do is to install new updates when they become available. Besides exciting new features like Stolen Device Protection, these updates also contain important security fixes.

While Macs ship with Apple’s own antivirus software in the form of XProtect, you should also consider using the best Mac antivirus software alongside it for additional protection. As for your iPhone, there’s no equivalent to the best Android antivirus apps for iOS due to the company’s own restrictions on malware scanning. However, both Intego Mac Premium Bundle X9 and Intego Mac Internet Security X9 can scan an iPhone or iPad for malware when they’re connected to a Mac via a USB cable. 

Given that Apple is open to working with security researchers from all sorts of different companies (Google included) to find flaws in its products, this likely won’t be the last zero-day vulnerability we see the company patch this year. In fact, last year, Apple patched a total of 20 zero-day flaws.

More from Tom's Guide

TOPICS
Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.