CVE-2024-23225: Apple Multiple Products Memory Corruption Vulnerability
First published: Tue Mar 05 2024(Updated: )
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Credit: CVE-2024-23225 CVE-2024-23225 product-security@apple.com CVE-2024-23225 CVE-2024-23225 CVE-2024-23225 CVE-2024-23225 CVE-2024-23225
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS | <16.7.6 | 16.7.6 |
| Apple iPadOS | <16.7.6 | 16.7.6 |
| Apple watchOS | <10.4 | 10.4 |
| Apple tvOS | <17.4 | 17.4 |
| Apple visionOS | <1.1 | 1.1 |
| Apple macOS Monterey | <12.7.4 | 12.7.4 |
| Apple iOS | <17.4 | 17.4 |
| Apple iPadOS | <17.4 | 17.4 |
| Apple Multiple Products | ||
| Apple iPadOS | <16.7.6 | |
| Apple iPadOS | >=17.0<17.4 | |
| Apple iPhone OS | <16.7.6 | |
| Apple iPhone OS | >=17.0<17.4 | |
| Apple macOS | >=12.0<12.7.4 | |
| Apple macOS | >=13.0<13.6.5 | |
| Apple macOS | >=14.0<14.4 | |
| Apple tvOS | <17.4 | |
| Apple visionOS | <1.1 | |
| Apple watchOS | <10.4 | |
| Apple macOS | <14.4 | 14.4 |
| Apple macOS | <13.6.5 | 13.6.5 |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.theregister.com/2024/03/06/iphone_ipad_zero_days/
- https://www.theregister.com/2024/03/11/infosec_news_in_brief/
- https://support.apple.com/en-us/HT214082 (Advisory)
- https://support.apple.com/en-us/HT214088 (Advisory)
- https://support.apple.com/en-us/HT214085 (Advisory)
- https://support.apple.com/en-us/HT214086 (Advisory)
- https://support.apple.com/en-us/HT214087 (Advisory)
- https://support.apple.com/en-us/HT214083 (Advisory)
- https://support.apple.com/en-us/HT214081 (Advisory)
- https://support.apple.com/en-us/HT214084 (Advisory)
- http://seclists.org/fulldisclosure/2024/Mar/18
- http://seclists.org/fulldisclosure/2024/Mar/19
- http://seclists.org/fulldisclosure/2024/Mar/21
- http://seclists.org/fulldisclosure/2024/Mar/22
- http://seclists.org/fulldisclosure/2024/Mar/23
- http://seclists.org/fulldisclosure/2024/Mar/24
- http://seclists.org/fulldisclosure/2024/Mar/25
- http://seclists.org/fulldisclosure/2024/Mar/26
- https://support.apple.com/kb/HT214083
- https://support.apple.com/kb/HT214084
- https://support.apple.com/kb/HT214085
- https://support.apple.com/kb/HT214086
- https://support.apple.com/kb/HT214087
- https://support.apple.com/kb/HT214088
- https://support.apple.com/en-us/HT214081,
- https://support.apple.com/en-us/HT214082,
- https://support.apple.com/en-us/HT214083,
- https://support.apple.com/en-us/HT214084,
- https://support.apple.com/en-us/HT214085,
- https://support.apple.com/en-us/HT214086,
- https://support.apple.com/en-us/HT214087,
- https://nvd.nist.gov/vuln/detail/CVE-2024-23225
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-23296
- CVE-2024-23243
- CVE-2024-23256
- CVE-2024-23262
- CVE-2024-23218
- CVE-2024-23286
- CVE-2024-23257
- CVE-2024-23225
- CVE-2024-23235
- CVE-2024-23265
- CVE-2024-23278
- CVE-2023-28826
- CVE-2024-23264
- CVE-2024-23283
- CVE-2024-23259
- CVE-2024-23231
- CVE-2024-23204
- CVE-2024-23203
- CVE-2024-23289
- CVE-2024-23246
- CVE-2024-23284
- CVE-2024-23263
- CVE-2024-23291
- CVE-2024-23288
- CVE-2024-23250
- CVE-2022-48554
- CVE-2024-0258
- CVE-2024-23297
- CVE-2024-23287
- CVE-2024-23239
- CVE-2024-23290
- CVE-2024-23293
- CVE-2024-23226
- CVE-2024-23254
- CVE-2024-23280
- CVE-2024-23270
- CVE-2024-23241
- CVE-2024-23258
- CVE-2024-23295
- CVE-2024-23220
- CVE-2024-23276
- CVE-2024-23227
- CVE-2024-23269
- CVE-2024-23247
- CVE-2024-23299
- CVE-2024-23244
- CVE-2024-23234
- CVE-2024-23266
- CVE-2024-23201
- CVE-2024-23274
- CVE-2024-23268
- CVE-2024-23275
- CVE-2024-23267
- CVE-2024-23216
- CVE-2024-23230
- CVE-2024-23245
- CVE-2024-23272
- CVE-2023-40389
- CVE-2024-23277
- CVE-2024-23205
- CVE-2024-23240
- CVE-2024-23255
- CVE-2024-23273
- CVE-2024-23292
- CVE-2024-23242
- CVE-2024-27886
- CVE-2024-23233
- CVE-2024-23248
- CVE-2024-23249
- CVE-2024-23229
- CVE-2024-27789
- CVE-2024-23253
- CVE-2024-27853
- CVE-2024-23279
- CVE-2024-23285
- CVE-2024-27809
- CVE-2024-27887
- CVE-2023-48795
- CVE-2023-51384
- CVE-2023-51385
- CVE-2022-42816
- CVE-2023-42853
- CVE-2024-27888
- CVE-2024-23294
- CVE-2024-23238
- CVE-2024-23232
- CVE-2024-23281
- CVE-2024-27792
- CVE-2024-23261
- CVE-2024-23260
- CVE-2024-23217
- agent/first-publish-date
- agent/type
- collector/the-register
- source/The Register
- alias/CVE-2024-23225
- alias/CVE-2024-23296
- alias/CVE-2024-23243
- alias/CVE-2024-23256
- zeroday/true
- agent/news-ai
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- alias/CVE-2024-21338
- alias/CVE-2024-23277
- alias/CVE-2024-23288
- agent/description
- agent/title
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/event
- agent/trending
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- vendor/apple
- canonical/apple ios
- canonical/apple ipados
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple visionos
- canonical/apple macos monterey
- canonical/apple multiple products
- version/apple ipados/17.0
- canonical/apple iphone os
- version/apple iphone os/17.0
- canonical/apple macos
- version/apple macos/12.0
- version/apple macos/13.0
- version/apple macos/14.0