CVE-2024-23225

moderate-risk
Published 2024-03-05

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

Do I need to act?

-
0.18% chance of exploitation
EPSS score — low exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (6)

Affected Vendors

Apple

References (26)

Release Notes https://support.apple.com/en-us/120880
Release Notes https://support.apple.com/en-us/120881
Release Notes https://support.apple.com/en-us/120882
Release Notes https://support.apple.com/en-us/120883
Release Notes https://support.apple.com/en-us/120884
Release Notes https://support.apple.com/en-us/120886
Release Notes https://support.apple.com/en-us/120893
Release Notes https://support.apple.com/en-us/120895
Mailing List http://seclists.org/fulldisclosure/2024/Mar/18
Mailing List http://seclists.org/fulldisclosure/2024/Mar/19
Mailing List http://seclists.org/fulldisclosure/2024/Mar/21
Mailing List http://seclists.org/fulldisclosure/2024/Mar/22
Mailing List http://seclists.org/fulldisclosure/2024/Mar/23
Mailing List http://seclists.org/fulldisclosure/2024/Mar/24
Mailing List http://seclists.org/fulldisclosure/2024/Mar/25
Mailing List http://seclists.org/fulldisclosure/2024/Mar/26
Vendor Advisory https://support.apple.com/en-us/HT214081
Vendor Advisory https://support.apple.com/en-us/HT214082
Vendor Advisory https://support.apple.com/kb/HT214082
Vendor Advisory https://support.apple.com/kb/HT214083
and 6 more references
45
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 8/34 · Low
Exposure 13/34 · Low