CVE-2024-23225

EUVD-2024-20744
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
appleipados
𝑥
< 16.7.6
appleipados
17.0 ≤
𝑥
< 17.4
appleiphone_os
𝑥
< 16.7.6
appleiphone_os
17.0 ≤
𝑥
< 17.4
applemacos
12.0 ≤
𝑥
< 12.7.4
applemacos
13.0 ≤
𝑥
< 13.6.5
applemacos
14.0 ≤
𝑥
< 14.4
appletvos
𝑥
< 17.4
applevisionos
𝑥
< 1.1
applewatchos
𝑥
< 10.4
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
appleipad_os
17.0 ≤
𝑥
< 17.4
ADP
appleipad_os
𝑥
< 16.7.6
ADP
appleiphone_os
𝑥
< 16.7.6
ADP
appleiphone_os
17.0 ≤
𝑥
< 17.4
ADP
applemacos
12.0.0 ≤
𝑥
< 12.7.4
ADP
applemacos
13.0 ≤
𝑥
< 13.6.5
ADP
applemacos
14.0 ≤
𝑥
< 14.4
ADP
appletvos
𝑥
< 17.4
ADP
applevisionos
𝑥
< 1.1
ADP
applewatchos
𝑥
< 10.4
ADP
Common Weakness Enumeration
References
https://support.apple.com/en-us/120880
https://support.apple.com/en-us/120881
https://support.apple.com/en-us/120882
https://support.apple.com/en-us/120883
https://support.apple.com/en-us/120884
https://support.apple.com/en-us/120886
https://support.apple.com/en-us/120893
https://support.apple.com/en-us/120895
http://seclists.org/fulldisclosure/2024/Mar/18
http://seclists.org/fulldisclosure/2024/Mar/19
http://seclists.org/fulldisclosure/2024/Mar/21
http://seclists.org/fulldisclosure/2024/Mar/22
http://seclists.org/fulldisclosure/2024/Mar/23
http://seclists.org/fulldisclosure/2024/Mar/24
http://seclists.org/fulldisclosure/2024/Mar/25
http://seclists.org/fulldisclosure/2024/Mar/26
https://support.apple.com/en-us/HT214081
https://support.apple.com/en-us/HT214082
https://support.apple.com/kb/HT214082
https://support.apple.com/kb/HT214083
https://support.apple.com/kb/HT214084
https://support.apple.com/kb/HT214085
https://support.apple.com/kb/HT214086
https://support.apple.com/kb/HT214087
https://support.apple.com/kb/HT214088
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23225