CVE-2024-23257

low-risk
Published 2024-03-08

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, visionOS 1.1. Processing an image may result in disclosure of process memory.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10 Low
LOCAL / LOW complexity

Affected Products (4)

Affected Vendors

Apple

References (19)

https://support.apple.com/en-us/120880
https://support.apple.com/en-us/120883
https://support.apple.com/en-us/120884
https://support.apple.com/en-us/120886
https://support.apple.com/en-us/120895
Mailing List http://seclists.org/fulldisclosure/2024/Mar/21
Mailing List http://seclists.org/fulldisclosure/2024/Mar/22
Mailing List http://seclists.org/fulldisclosure/2024/Mar/23
Mailing List http://seclists.org/fulldisclosure/2024/Mar/26
Vendor Advisory https://support.apple.com/en-us/HT214082
Vendor Advisory https://support.apple.com/en-us/HT214083
Vendor Advisory https://support.apple.com/en-us/HT214084
Vendor Advisory https://support.apple.com/en-us/HT214085
Vendor Advisory https://support.apple.com/en-us/HT214087
https://support.apple.com/kb/HT214082
https://support.apple.com/kb/HT214083
https://support.apple.com/kb/HT214084
https://support.apple.com/kb/HT214085
https://support.apple.com/kb/HT214087
23
/ 100
low-risk
Severity 13/34 · Low
Exploitability 0/34 · Minimal
Exposure 10/34 · Low