CVE-2024-23212

HIGH

iPadOS 16.0-16.7.5 - Remote Code Execution with Kernel Privileges

Title source: llm
STIX 2.1

Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, watchOS 10.3. An app may be able to execute arbitrary code with kernel privileges.

References (24)

Core 24
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT214055
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT214057
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT214058
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT214059
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT214060
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT214063

Scores

CVSS v3 7.8
EPSS 0.0003
EPSS Percentile 10.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (12)
Apple/iOS and iPadOS < 16.7.5
Apple/iOS and iPadOS < 17.3
apple/ipados 16.0 - 16.7.5
apple/iphone_os 16.0 - 16.7.5
Apple/macOS < 12.7.3
Apple/macOS < 13.6.4
Apple/macOS < 14.3
apple/macos 12.0 - 12.7.3
apple/tvos < 17.3
Apple/tvOS < 17.3
... and 2 more
Published Jan 23, 2024
Tracked Since Feb 18, 2026