CVE-2024-23240: Buffer Overflow
First published: Tue Mar 05 2024(Updated: )
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit: product-security@apple.com CVE-2024-23225 CVE-2024-23235 Xinru Chi Pangu Laban anonymous researcher ali yabuz scj643 Kirin @Pwnrin Meysam Firouzi @R00tkitsmm Trend Micro Zero Day InitiativeHarsh Tyagi CVE-2024-23296 CVE-2024-23220 Lyra Rebane (rebane2001) Om Kothawade Matej Rabzelj Mickey Jin @patch1t Wojciech Regula SecuRingluckyu @uuulucky K宝 Fudan UniversityLFY @secsys Fudan UniversityLewis Hardy Bistrit Dahal CVE-2024-23241 CVE-2024-23242 Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik Pwn2car James Lee @Windowsrcer Johan Carlsson (joaxcar) Georg Felber Marco Squarcina Guilherme Rambo Best Buddy AppsCVE-2024-23205 CVE-2022-48554 Junsung Lee Trend Micro Zero Day InitiativeAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsDohyun Lee @l33d0hyun Lyutoon Mr.R CVE-2024-23291 Marc Newlin SkySafeCristian Dinca Computer ScienceRomania anbu1024 SecANT
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS, iPadOS, and watchOS | <17.4 | 17.4 |
| Apple iOS, iPadOS, and watchOS | <17.4 | 17.4 |
| iPadOS | <17.4 | |
| iStyle @cosme iPhone OS | <17.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT214081 (Advisory)
- https://support.apple.com/en-us/120893 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-23243
- CVE-2024-23262
- CVE-2024-23291
- CVE-2024-23288
- CVE-2024-23277
- CVE-2024-23250
- CVE-2024-23205
- CVE-2022-48554
- CVE-2024-23270
- CVE-2024-23286
- CVE-2024-23225
- CVE-2024-23235
- CVE-2024-23265
- CVE-2024-23278
- CVE-2024-0258
- CVE-2024-23297
- CVE-2024-23287
- CVE-2024-23264
- CVE-2024-23240
- CVE-2024-23255
- CVE-2024-23296
- CVE-2024-23220
- CVE-2024-23259
- CVE-2024-23256
- CVE-2024-23273
- CVE-2024-23239
- CVE-2024-23290
- CVE-2024-23231
- CVE-2024-23292
- CVE-2024-23289
- CVE-2024-23293
- CVE-2024-23241
- CVE-2024-23242
- CVE-2024-23246
- CVE-2024-54658
- CVE-2024-23226
- CVE-2024-27859
- CVE-2024-23254
- CVE-2024-23263
- CVE-2024-23280
- CVE-2024-23284
Frequently Asked Questions
What is the severity of CVE-2024-23240?
CVE-2024-23240 has been rated as a high severity vulnerability due to potential privacy issues.
How do I fix CVE-2024-23240?
To fix CVE-2024-23240, users should update their devices to iOS or iPadOS version 17.4 or later.
What types of devices are affected by CVE-2024-23240?
CVE-2024-23240 affects Apple iOS and iPadOS devices running versions prior to 17.4.
What are the main issues addressed in CVE-2024-23240?
CVE-2024-23240 addresses privacy issues related to log entries and improves entitlement checks.
Was any code removed to mitigate CVE-2024-23240?
Yes, CVE-2024-23240 included the removal of vulnerable code to address the issues.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/trending
- agent/source
- agent/references
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/author
- agent/event
- collector/apple-support
- source/Apple
- alias/CVE-2024-23264
- alias/CVE-2024-23240
- alias/CVE-2024-23255
- alias/CVE-2024-23296
- alias/CVE-2024-23220
- alias/CVE-2024-23259
- alias/CVE-2024-23256
- alias/CVE-2024-23273
- alias/CVE-2024-23239
- alias/CVE-2024-23290
- alias/CVE-2024-23231
- alias/CVE-2024-23292
- alias/CVE-2024-23289
- alias/CVE-2024-23293
- alias/CVE-2024-23241
- alias/CVE-2024-23242
- alias/CVE-2024-23246
- alias/CVE-2024-54658
- alias/CVE-2024-23226
- alias/CVE-2024-27859
- alias/CVE-2024-23254
- alias/CVE-2024-23263
- alias/CVE-2024-23280
- alias/CVE-2024-23284
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- alias/CVE-2024-23297
- alias/CVE-2024-23287
- alias/CVE-2024-0258
- alias/CVE-2024-23278
- alias/CVE-2024-23250
- alias/CVE-2024-23205
- alias/CVE-2022-48554
- alias/CVE-2024-23270
- alias/CVE-2024-23286
- alias/CVE-2024-23225
- alias/CVE-2024-23235
- alias/CVE-2024-23265
- alias/CVE-2024-23277
- alias/CVE-2024-23291
- alias/CVE-2024-23288
- alias/CVE-2024-23262
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/apple
- canonical/apple ios, ipados, and watchos
- canonical/ipados
- canonical/istyle @cosme iphone os