CVE-2024-23296

HIGH KEV

Apple Ipados < 16.7.8 - Out-of-Bounds Write

Title source: rule

Description

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

Exploits (1)

nomisec WRITEUP
by SimoesCTT · poc
https://github.com/SimoesCTT/lCTT-Apple-Silicon--Resonance-Vulnerability-CVE-2024-23296

References (26)

... and 6 more

Scores

CVSS v3 7.8
EPSS 0.0020
EPSS Percentile 42.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-03-06
VulnCheck KEV 2024-03-05
InTheWild.io 2024-03-06
ENISA EUVD EUVD-2024-20815
CWE
CWE-787
Status published
Products (14)
Apple/iOS and iPadOS < 16.7.8
Apple/iOS and iPadOS < 17.4
apple/ipados < 16.7.8
apple/iphone_os < 16.7.8
Apple/macOS < 12.7.6
Apple/macOS < 13.6.7
Apple/macOS < 14.4
apple/macos 12.0 - 12.7.6
apple/tvos < 17.4
Apple/tvOS < 17.4
... and 4 more
Published Mar 05, 2024
KEV Added Mar 06, 2024
Tracked Since Feb 18, 2026