A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
References
Configurations
Configuration 1 (hide)
|
History
23 May 2024, 17:57
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2024/Mar/18 - Mailing List, Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2024/Mar/19 - Mailing List, Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2024/Mar/21 - Mailing List, Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2024/Mar/22 - Mailing List, Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2024/Mar/23 - Mailing List, Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2024/Mar/24 - Mailing List, Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2024/Mar/25 - Mailing List, Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2024/Mar/26 - Mailing List, Third Party Advisory |
13 Mar 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Mar 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Mar 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Mar 2024, 17:30
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
|
First Time |
Apple macos
Apple tvos Apple visionos Apple watchos |
|
References | () https://support.apple.com/kb/HT214083 - Vendor Advisory | |
References | () https://support.apple.com/kb/HT214084 - Vendor Advisory | |
References | () https://support.apple.com/kb/HT214085 - Vendor Advisory | |
References | () https://support.apple.com/kb/HT214086 - Vendor Advisory | |
References | () https://support.apple.com/kb/HT214087 - Vendor Advisory | |
References | () https://support.apple.com/kb/HT214088 - Vendor Advisory |
07 Mar 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Mar 2024, 17:51
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.apple.com/en-us/HT214081 - Vendor Advisory | |
References | () https://support.apple.com/en-us/HT214082 - Vendor Advisory | |
First Time |
Apple ipad Os
Apple Apple iphone Os |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* |
|
CWE | CWE-787 |
06 Mar 2024, 15:18
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
05 Mar 2024, 20:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-05 20:16
Updated : 2024-08-14 17:00
NVD link : CVE-2024-23225
Mitre link : CVE-2024-23225
CVE.ORG link : CVE-2024-23225
JSON object : View
Products Affected
apple
- ipad_os
- macos
- watchos
- tvos
- iphone_os
- visionos
CWE
CWE-787
Out-of-bounds Write