CVE-2024-23214
First published: Mon Jan 22 2024(Updated: )
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS | <14.3 | 14.3 |
| Apple iOS, iPadOS, and watchOS | <17.3 | 17.3 |
| Apple iOS, iPadOS, and watchOS | <17.3 | 17.3 |
| Apple iOS, iPadOS, and watchOS | <16.7.5 | 16.7.5 |
| Apple iOS, iPadOS, and watchOS | <16.7.5 | 16.7.5 |
| Apple iOS, iPadOS, and watchOS | >16.0<16.7.5 | |
| Apple iOS, iPadOS, and watchOS | >17.0<17.3 | |
| iStyle @cosme iPhone OS | >16.0<16.7.5 | |
| iStyle @cosme iPhone OS | >17.0<17.3 | |
| Apple iOS and macOS | >=14.0<14.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT214063 (Advisory)
- https://support.apple.com/en-us/HT214061 (Advisory)
- https://support.apple.com/en-us/HT214059 (Advisory)
- https://support.apple.com/kb/HT214063
- https://support.apple.com/kb/HT214061
- http://seclists.org/fulldisclosure/2024/Jan/33
- http://seclists.org/fulldisclosure/2024/Jan/36
- http://seclists.org/fulldisclosure/2024/Jan/34
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-23212
- CVE-2024-23218
- CVE-2024-23224
- CVE-2024-23208
- CVE-2024-23201
- CVE-2024-23209
- CVE-2024-23207
- CVE-2024-23223
- CVE-2024-27791
- CVE-2024-23211
- CVE-2024-23203
- CVE-2024-23204
- CVE-2024-23217
- CVE-2024-23215
- CVE-2024-23210
- CVE-2024-23206
- CVE-2024-23213
- CVE-2024-23214
- CVE-2024-23222
- CVE-2024-23271
- CVE-2024-23228
- CVE-2024-23219
- CVE-2023-42937
- CVE-2023-42888
Frequently Asked Questions
What is the severity of CVE-2024-23214?
CVE-2024-23214 is considered a high severity vulnerability due to its potential for arbitrary code execution.
How do I fix CVE-2024-23214?
To fix CVE-2024-23214, update affected devices to macOS Sonoma 14.3, iOS 16.7.5, iPadOS 16.7.5, iOS 17.3, or iPadOS 17.3.
What types of devices are affected by CVE-2024-23214?
CVE-2024-23214 affects Apple's macOS, iOS, and iPadOS operating systems across specific versions.
What are the consequences of CVE-2024-23214?
Exploitation of CVE-2024-23214 may lead to arbitrary code execution through maliciously crafted web content.
When was CVE-2024-23214 disclosed?
CVE-2024-23214 was disclosed as part of security updates addressing multiple memory corruption issues.
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- agent/event
- agent/severity
- agent/weakness
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/references
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/source
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- vendor/apple
- canonical/apple macos
- canonical/apple ios, ipados, and watchos
- canonical/istyle @cosme iphone os
- canonical/apple ios and macos
- version/apple ios and macos/14.0