CVE-2024-23296
CVE-2024-23296 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, watchOS 10.4. CISA has confirmed active exploitation in the wild. EPSS estimates a 1.41% chance of exploitation in the next 30 days.
Description
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitation Status
This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apple | iPadOS | < 16.7.8 |
| Apple | iPadOS | >= 17.0, < 17.4 |
| Apple | iPhone OS | < 16.7.8 |
| Apple | iPhone OS | >= 17.0, < 17.4 |
| Apple | macOS | >= 12.0, < 12.7.6 |
| Apple | macOS | >= 13.0, < 13.6.7 |
| Apple | macOS | >= 14.0, < 14.4 |
| Apple | tvOS | < 17.4 |
| Apple | visionOS | < 1.1 |
| Apple | watchOS | < 10.4 |
References
- https://support.apple.com/en-us/120881 (Release Notes, Vendor Advisory)
- https://support.apple.com/en-us/120882 (Release Notes, Vendor Advisory)
- https://support.apple.com/en-us/120883 (Release Notes, Vendor Advisory)
- https://support.apple.com/en-us/120893 (Release Notes, Vendor Advisory)
- https://support.apple.com/en-us/120895 (Release Notes, Vendor Advisory)
- https://support.apple.com/en-us/120898 (Release Notes, Vendor Advisory)
- https://support.apple.com/en-us/120900 (Release Notes, Vendor Advisory)
- https://support.apple.com/en-us/120910 (Release Notes, Vendor Advisory)
- http://seclists.org/fulldisclosure/2024/Jul/20 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2024/Mar/18 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2024/Mar/21 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2024/Mar/24 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2024/Mar/25 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2024/Mar/26 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2024/May/11 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2024/May/13 (Mailing List, Third Party Advisory)
- https://support.apple.com/en-us/HT214081 (Vendor Advisory)
- https://support.apple.com/kb/HT214081 (Vendor Advisory)
- https://support.apple.com/kb/HT214084 (Vendor Advisory)
- https://support.apple.com/kb/HT214086 (Vendor Advisory)
- https://support.apple.com/kb/HT214087 (Vendor Advisory)
- https://support.apple.com/kb/HT214088 (Vendor Advisory)
- https://support.apple.com/kb/HT214100 (Vendor Advisory)
- https://support.apple.com/kb/HT214107 (Vendor Advisory)
- https://support.apple.com/kb/HT214118 (Vendor Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23296 (US Government Resource)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
