CVE-2024-23212
First published: Mon Jan 22 2024(Updated: )
Apple Neural Engine. The issue was addressed with improved memory handling.
Credit: Ye Zhang Baidu SecurityClemens Lang fmyy @binary_fmyy TIANGONG Team of Legendsec at QIlime TIANGONG Team of Legendsec at QIKoh M. Nakagawa FFRI Security Incan anonymous researcher Noah Roskin-Frazee Pr Ian de Marcellus Mark Bowers Jubaer Alnazi @h33tjubaer Kirin @Pwnrin Zhongquan Li @Guluisacat Wangtaiyu Zhongfu infoJames Lee @Windowsrcer product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Monterey | <12.7.3 | 12.7.3 |
| Apple macOS | <14.3 | 14.3 |
| Apple macOS | <13.6.4 | 13.6.4 |
| tvOS | <17.3 | 17.3 |
| Apple iOS, iPadOS, and watchOS | >16.0<16.7.5 | |
| Apple iOS, iPadOS, and watchOS | >17.0<17.3 | |
| iOS | >16.0<16.7.5 | |
| iOS | >17.0<17.3 | |
| Apple iOS and macOS | >=12.0<12.7.3 | |
| Apple iOS and macOS | >=13.0<13.6.4 | |
| Apple iOS and macOS | >=14.0<14.3 | |
| tvOS | <17.3 | |
| Apple iOS, iPadOS, and watchOS | <10.3 | |
| Apple iOS, iPadOS, and watchOS | <10.3 | 10.3 |
| Apple iOS, iPadOS, and watchOS | <17.3 | 17.3 |
| Apple iOS, iPadOS, and watchOS | <17.3 | 17.3 |
| Apple iOS, iPadOS, and watchOS | <16.7.5 | 16.7.5 |
| Apple iOS, iPadOS, and watchOS | <16.7.5 | 16.7.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT214058 (Advisory)
- https://support.apple.com/en-us/HT214059 (Advisory)
- https://support.apple.com/en-us/HT214063 (Advisory)
- https://support.apple.com/en-us/HT214055 (Advisory)
- https://support.apple.com/en-us/HT214060 (Advisory)
- https://support.apple.com/en-us/HT214061 (Advisory)
- https://support.apple.com/en-us/HT214057 (Advisory)
- http://seclists.org/fulldisclosure/2024/Jan/33
- http://seclists.org/fulldisclosure/2024/Jan/36
- http://seclists.org/fulldisclosure/2024/Jan/34
- http://seclists.org/fulldisclosure/2024/Jan/37
- http://seclists.org/fulldisclosure/2024/Jan/38
- http://seclists.org/fulldisclosure/2024/Jan/39
- http://seclists.org/fulldisclosure/2024/Jan/40
- https://support.apple.com/kb/HT214057
- https://support.apple.com/kb/HT214063
- https://support.apple.com/kb/HT214059
- https://support.apple.com/kb/HT214058
- https://support.apple.com/en-us/120306 (Advisory)
- https://support.apple.com/kb/HT214055
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-42937
- CVE-2024-23212
- CVE-2023-38545
- CVE-2023-38039
- CVE-2023-38546
- CVE-2023-42888
- CVE-2024-23207
- CVE-2024-27791
- CVE-2024-23222
- CVE-2024-23218
- CVE-2024-23224
- CVE-2024-23208
- CVE-2024-23201
- CVE-2024-23209
- CVE-2024-23223
- CVE-2024-23211
- CVE-2024-23203
- CVE-2024-23204
- CVE-2024-23217
- CVE-2024-23215
- CVE-2024-23210
- CVE-2024-23206
- CVE-2024-23213
- CVE-2024-23214
- CVE-2024-23271
- CVE-2023-40528
- CVE-2023-42935
- CVE-2023-42887
- CVE-2024-23228
- CVE-2024-23219
Frequently Asked Questions
What is the severity of CVE-2024-23212?
The severity of CVE-2024-23212 has not been officially assigned but it involves memory handling improvements by Apple.
How do I fix CVE-2024-23212?
To fix CVE-2024-23212, update to the latest versions of the affected Apple software, including iOS 17.3, iPadOS 17.3, watchOS 10.3, tvOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, and macOS Monterey 12.7.3.
Which Apple products are affected by CVE-2024-23212?
CVE-2024-23212 affects a range of Apple products, including iOS, iPadOS, watchOS, tvOS, and various versions of macOS.
When was CVE-2024-23212 publicly disclosed?
CVE-2024-23212 was publicly disclosed with updates included in watchOS 10.3, tvOS 17.3, iOS 17.3, iPadOS 17.3, and macOS versions 14.3, 13.6.4, and 12.7.3.
What types of issues does CVE-2024-23212 address?
CVE-2024-23212 addresses issues related to improved memory handling within the Apple Neural Engine.
- agent/first-publish-date
- agent/type
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/references
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- alias/CVE-2024-23218
- alias/CVE-2024-23208
- alias/CVE-2024-23201
- alias/CVE-2024-23207
- alias/CVE-2024-23223
- alias/CVE-2024-23211
- alias/CVE-2024-23204
- alias/CVE-2024-23217
- alias/CVE-2024-23215
- alias/CVE-2024-23210
- alias/CVE-2024-23206
- alias/CVE-2024-23213
- alias/CVE-2024-23271
- vendor/apple
- canonical/apple macos monterey
- canonical/apple macos
- canonical/tvos
- canonical/apple ios, ipados, and watchos
- canonical/ios
- canonical/apple ios and macos
- version/apple ios and macos/12.0
- version/apple ios and macos/13.0
- version/apple ios and macos/14.0