EXECUTIVE SUMMARY
A critical zero-day vulnerability, tracked as CVE-2024-27834, has been identified in Apple's Safari web browser, affecting systems running macOS Monterey and macOS Ventura. Exploited during the Pwn2Own Vancouver hacking competition, this flaw enables attackers with arbitrary read and write capability to bypass Pointer Authentication, potentially leading to remote code execution. While security updates have been released, it remains unclear whether other platforms such as iOS, iPadOS, macOS Sonoma, and visionOS have been patched. Users on affected macOS versions are advised to promptly update Safari through the System Settings to mitigate the risk of exploitation. The severity of this vulnerability underscores the importance of staying vigilant against emerging threats and promptly applying security patches to safeguard against potential exploitation.
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://www.bleepingcomputer.com/news/apple/apple-fixes-safari-webkit-zero-day-flaw-exploited-at-pwn2own/