CVE-2024-23225
HIGH KEVApple Ipados < 16.7.6 - Out-of-Bounds Write
Title source: ruleDescription
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
References (26)
... and 6 more
Scores
CVSS v3
7.8
EPSS
0.0019
EPSS Percentile
40.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CISA KEV
2024-03-06
VulnCheck KEV
2024-03-05
InTheWild.io
2024-03-05
ENISA EUVD
EUVD-2024-20744
CWE
CWE-787
Status
published
Products (14)
Apple/iOS and iPadOS
< 16.7.6
Apple/iOS and iPadOS
< 17.4
apple/ipados
< 16.7.6
apple/iphone_os
< 16.7.6
Apple/macOS
< 12.7.4
Apple/macOS
< 13.6.5
Apple/macOS
< 14.4
apple/macos
12.0 - 12.7.4
apple/tvos
< 17.4
Apple/tvOS
< 17.4
... and 4 more
Published
Mar 05, 2024
KEV Added
Mar 06, 2024
Tracked Since
Feb 18, 2026