CVE-2024-23225

HIGH KEV

iPadOS < 16.7.6 - Memory Corruption via Improved Validation

Title source: llm

Exploitation Summary

CVE-2024-23225 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 6, 2024.

Description

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

References (26)

Core 26

Core References

https://support.apple.com/en-us/120880

https://support.apple.com/en-us/120881

https://support.apple.com/en-us/120882

https://support.apple.com/en-us/120883

https://support.apple.com/en-us/120884

https://support.apple.com/en-us/120886

https://support.apple.com/en-us/120893

https://support.apple.com/en-us/120895

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Mar/18

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Mar/19

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Mar/21

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Mar/22

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Mar/23

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Mar/24

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Mar/25

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Mar/26

Vendor Advisory

https://support.apple.com/en-us/HT214081

Vendor Advisory

https://support.apple.com/en-us/HT214082

Vendor Advisory

https://support.apple.com/kb/HT214083

Vendor Advisory

https://support.apple.com/kb/HT214084

Vendor Advisory

https://support.apple.com/kb/HT214085

Vendor Advisory

https://support.apple.com/kb/HT214086

Vendor Advisory

https://support.apple.com/kb/HT214087

Vendor Advisory

https://support.apple.com/kb/HT214088

Vendor Advisory

https://support.apple.com/kb/HT214082

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23225

Scores

CVSS v3 7.8

EPSS 0.0022

EPSS Percentile 45.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2024-03-06

VulnCheck KEV 2024-03-05

InTheWild.io 2024-03-05

ENISA EUVD EUVD-2024-20744

CWE

CWE-787

Status published

Products (14)

Apple/iOS and iPadOS < 16.7.6

Apple/iOS and iPadOS < 17.4

apple/ipados < 16.7.6

apple/iphone_os < 16.7.6

Apple/macOS < 12.7.4

Apple/macOS < 13.6.5

Apple/macOS < 14.4

apple/macos 12.0 - 12.7.4

apple/tvos < 17.4

Apple/tvOS < 17.4

... and 4 more

Published Mar 05, 2024

KEV Added Mar 06, 2024

Tracked Since Feb 18, 2026