CVE-2024-23265
08.03.2024, 02:15
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory.Enginsight
| Vendor | Product | Version |
|---|---|---|
| apple | ipados | 𝑥 < 16.7.6 |
| apple | ipados | 17.0 ≤ 𝑥 < 17.4 |
| apple | iphone_os | 𝑥 < 16.7.6 |
| apple | iphone_os | 17.0 ≤ 𝑥 < 17.4 |
| apple | macos | 12.0 ≤ 𝑥 < 12.7.4 |
| apple | macos | 13.0 ≤ 𝑥 < 13.6.5 |
| apple | macos | 14.0 ≤ 𝑥 < 14.4 |
| apple | tvos | 𝑥 < 17.4 |
| apple | visionos | 𝑥 < 1.1 |
| apple | watchos | 𝑥 < 10.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
- CWE-400 - Uncontrolled Resource ConsumptionThe software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
References