On January 22, 2024, Apple released patches for CVE-2024-23222, a confusion bug in the WebKit browser engine which may lead to arbitrary code execution when processing maliciously crafted web content. There is presently no assigned CVSS for this vulnerability in the NIST NVD.
Safari 17.3 running macOS Monterey and macOS Ventura
There are reports of this vulnerability being actively exploited in the wild.