Zero-Click Apple Shortcuts Vulnerability - 20240223002 (wagov#533)

Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com>
LSerki · Feb 23, 2024 · 2914c5a · 2914c5a
1 parent 813e6c6
commit 2914c5a
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/docs/advisories/20240223002-Zero-Click-Apple-Shortcuts-Vulnerability.md b/docs/advisories/20240223002-Zero-Click-Apple-Shortcuts-Vulnerability.md
@@ -0,0 +1,24 @@
+# Zero-Click Apple Shortcuts Vulnerability - 20240223002
+
+## Overview
+
+Apple iOS released a number of vulnerabilities that could potentially execute arbitrary code on Apple products. Apple was made aware of a report indicating potential exploitation of this vulnerability.
+
+## What is vulnerable?
+
+| Product(s) Affected | CVE | Severity     | CVSS | Exploit exists |
+| ------------------- | ------- | ------------ | ---- | --- |
+| **versions before <br> tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, <br> Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3, visionOS 1.0.2** | **[CVE-2024-23222](https://nvd.nist.gov/vuln/detail/CVE-2024-23222)** | **High** | **8.8** | Yes| 
+| **versions before <br> macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3** | **[CVE-2024-23204](https://nvd.nist.gov/vuln/detail/CVE-2024-23204)** | **High** | **7.5** | No |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [Apple security releases](https://support.apple.com/en-us/HT201222)
+
+