First published: Tue Mar 05 2024(Updated: )
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit: product-security@apple.com Kirin @Pwnrin luckyu @uuulucky Mickey Jin @patch1t an anonymous researcher K宝 Fudan UniversityLFY @secsys Fudan UniversityLewis Hardy Bistrit Dahal CVE-2024-23241 CVE-2024-23242 Joshua Jewett @JoshJewett33 Matthew Loewen Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik anbu1024 SecANTPwn2car James Lee @Windowsrcer Johan Carlsson (joaxcar) Georg Felber Marco Squarcina CVE-2024-23238 Wojciech Regula SecuRingYiğit Can YILMAZ @yilmazcanyigit Lyra Rebane (rebane2001) Matej Rabzelj CVE-2024-23225 koocola ali yabuz Meysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiative @08Tc3wBB JamfCVE-2024-23283 CVE-2023-48795 CVE-2023-51384 CVE-2023-51385 Pedro Tôrres @t0rr3sp3dr0 Bohdan Stasiuk @Bohdan_Stasiuk Harsh Tyagi CVE-2024-23296 Junsung Lee Trend Micro Zero Day InitiativeZhenjiang Zhao pangu teamQianxin CrowdStrike Counter Adversary Operations CrowdStrike Counter Adversary OperationsAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsDohyun Lee @l33d0hyun Lyutoon Mr.R Murray Mike CVE-2024-23235 Xinru Chi Pangu Labm4yfly with TianGong Team Legendsec at Qi'anxin GroupGuilherme Rambo Best Buddy AppsCsaba Fitzl @theevilbit OffSecCVE-2024-23205 CVE-2022-48554 Marc Newlin SkySafeBrian McNulty Stephan Casas CVE-2024-23291 CVE-2024-23220 Patrick Reardon scj643 Om Kothawade Cristian Dinca Computer ScienceRomania
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS | <14.4 | 14.4 |
tvOS | <17.4 | 17.4 |
<14.4 | 14.4 | |
Apple iOS, iPadOS, and watchOS | <10.4 | 10.4 |
Apple iOS, iPadOS, and watchOS | <17.4 | 17.4 |
Apple iOS, iPadOS, and watchOS | <17.4 | 17.4 |
visionOS | <1.1 | 1.1 |
iPadOS | <17.4 | |
iStyle @cosme iPhone OS | <17.4 | |
Apple iOS and macOS | >=14.0<14.4 | |
tvOS | <17.4 | |
visionOS | <1.1 | |
Apple iOS, iPadOS, and watchOS | <10.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2024-23226 has a high severity rating due to the potential for arbitrary code execution.
To fix CVE-2024-23226, update your device to macOS Sonoma 14.4, visionOS 1.1, iOS 17.4, iPadOS 17.4, watchOS 10.4, or tvOS 17.4.
CVE-2024-23226 affects various Apple devices running macOS, visionOS, iOS, iPadOS, watchOS, and tvOS.
CVE-2024-23226 is a memory handling vulnerability in WebKit that can lead to arbitrary code execution.
There are no publicly available reports confirming active exploitation of CVE-2024-23226 at this time.