CVE-2024-23296
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- January 12, 2024
- Published Date
- March 05, 2024
- Last Updated
- February 13, 2025
- Vendor
- Apple
- Product
- iOS and iPadOS
- Description
- A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
CVSS Scores
CVSS v3.1
7.8 - HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- Active
- Technical Impact
- Total
Exploit Status
- Exploited in the Wild
- Yes (added 2024-03-06 00:00:00 UTC) Source
References
https://support.apple.com/en-us/HT214081
https://support.apple.com/kb/HT214088
https://support.apple.com/kb/HT214084
https://support.apple.com/kb/HT214086
https://support.apple.com/kb/HT214087
http://seclists.org/fulldisclosure/2024/Mar/18
http://seclists.org/fulldisclosure/2024/Mar/21
http://seclists.org/fulldisclosure/2024/Mar/25
http://seclists.org/fulldisclosure/2024/Mar/24
http://seclists.org/fulldisclosure/2024/Mar/26
https://support.apple.com/kb/HT214107
http://seclists.org/fulldisclosure/2024/May/11
http://seclists.org/fulldisclosure/2024/May/13
https://support.apple.com/kb/HT214100
https://support.apple.com/kb/HT214118
http://seclists.org/fulldisclosure/2024/Jul/20
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2024-03-06 00:00:00 UTC |