First published: Tue Mar 05 2024
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit: Junsung Lee Trend Micro Zero Day Initiative product-security@apple.com an anonymous researcher Zhenjiang Zhao pangu team Qianxin CrowdStrike Counter Adversary Operations CrowdStrike Counter Adversary Operations Amir Bazine CrowdStrike Counter Adversary Operations Karsten König CrowdStrike Counter Adversary Operations Dohyun Lee @l33d0hyun Lyutoon Mr.R Murray Mike Pedro Tôrres @t0rr3sp3dr0 CVE-2024-23235 Xinru Chi Pangu Lab CVE-2024-23225 koocola ali yabuz Kirin @Pwnrin Meysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiative @08Tc3wBB Jamf CVE-2024-23283 Mickey Jin @patch1t CVE-2023-48795 CVE-2023-51384 CVE-2023-51385 Bohdan Stasiuk @Bohdan_Stasiuk Harsh Tyagi Wojciech Regula SecuRing CVE-2024-23296 Lyra Rebane (rebane2001) Matej Rabzelj CVE-2024-23238 Yiğit Can YILMAZ @yilmazcanyigit luckyu @uuulucky K宝 Fudan University LFY @secsys Fudan University Lewis Hardy Bistrit Dahal CVE-2024-23241 CVE-2024-23242 Joshua Jewett @JoshJewett33 Matthew Loewen Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik anbu1024 SecANT Pwn2car James Lee @Windowsrcer Johan Carlsson (joaxcar) Georg Felber Marco Squarcina m4yfly with TianGong Team Legendsec at Qi'anxin Group Guilherme Rambo Best Buddy Apps Csaba Fitzl @theevilbit OffSec CVE-2024-23205 CVE-2022-48554 Marc Newlin SkySafe Brian McNulty Stephan Casas CVE-2024-23291 Clemens Lang Koh M. Nakagawa FFRI Security Inc Meng Zhang (鲸落) NorthSea Jubaer Alnazi @h33tjubaer Csaba Fitzl @theevilbit Offensive Security Patrick Reardon CVE-2024-23220
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS | <14.4 | 14.4 |
Apple iOS, iPadOS, and watchOS | <16.7.6 | 16.7.6 |
visionOS | <1.1 | 1.1 |
Apple iOS, iPadOS, and watchOS | <16.7.6 | |
iStyle @cosme iPhone OS | <16.7.6 | |
Apple iOS and macOS | >=12.0<12.7.4 | |
Apple iOS and macOS | >=13.0<13.6.5 | |
Apple iOS and macOS | >=14.0<14.4 | |
visionOS | <1.1 | |
macOS | <12.7.4 | 12.7.4 |
macOS Ventura | <13.6.5 | 13.6.5 |
The severity of CVE-2024-23257 is high because of the potential for memory handling vulnerabilities affecting various Apple operating systems.
To fix CVE-2024-23257, upgrade your Apple device to the latest versions: macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6, or iPadOS 16.7.6.
CVE-2024-23257 affects Apple devices running iOS, iPadOS, visionOS, and various versions of macOS, specifically versions prior to the fixes mentioned above.
Exploitation of CVE-2024-23257 could lead to the disclosure of potentially sensitive information through improper memory management when processing images.
CVE-2024-23257 was disclosed in early 2024, and updates were released shortly thereafter to address the vulnerability.