What is the severity of CVE-2024-23264?

CVE-2024-23264 is classified as a moderate severity vulnerability.

How do I fix CVE-2024-23264?

To fix CVE-2024-23264, update to the latest versions of the affected Apple software as specified in the vulnerability report.

What software is affected by CVE-2024-23264?

CVE-2024-23264 affects various Apple platforms including iOS, iPadOS, tvOS, macOS Monterey, macOS Ventura, macOS Sonoma, and visionOS.

What type of issue is CVE-2024-23264?

CVE-2024-23264 is a validation issue that was addressed with improved input sanitization.

What can an attacker potentially do with CVE-2024-23264?

An attacker may exploit CVE-2024-23264 to read restricted memory, which could lead to data exposure.

Vulnerability/
CVE-2024-23264

medium

5.5

CWE

119 20 362 125

5/3/2024

8/3/2024

13/2/2025

CVE-2024-23264: Buffer Overflow

First published: Tue Mar 05 2024(Updated: )

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An application may be able to read restricted memory.

Credit: Meysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiative product-security@apple.com CVE-2024-23225 koocola an anonymous researcher ali yabuz Kirin @Pwnrin @08Tc3wBB JamfCVE-2024-23283 Mickey Jin @patch1t CVE-2023-48795 CVE-2023-51384 CVE-2023-51385 Pedro Tôrres @t0rr3sp3dr0 Bohdan Stasiuk @Bohdan_Stasiuk Harsh Tyagi Wojciech Regula SecuRingCVE-2024-23296 Lyra Rebane (rebane2001) Matej Rabzelj CVE-2024-23238 Yiğit Can YILMAZ @yilmazcanyigit luckyu @uuulucky K宝 Fudan UniversityLFY @secsys Fudan UniversityLewis Hardy Bistrit Dahal CVE-2024-23241 CVE-2024-23242 Joshua Jewett @JoshJewett33 Matthew Loewen Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik anbu1024 SecANTPwn2car James Lee @Windowsrcer Johan Carlsson (joaxcar) Georg Felber Marco Squarcina Junsung Lee Trend Micro Zero Day InitiativeZhenjiang Zhao pangu teamQianxin CrowdStrike Counter Adversary Operations CrowdStrike Counter Adversary OperationsAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsDohyun Lee @l33d0hyun Lyutoon Mr.R Murray Mike CVE-2024-23235 Xinru Chi Pangu Labm4yfly with TianGong Team Legendsec at Qi'anxin GroupGuilherme Rambo Best Buddy AppsCsaba Fitzl @theevilbit OffSecCVE-2024-23205 CVE-2022-48554 Marc Newlin SkySafeBrian McNulty Stephan Casas CVE-2024-23291 Koh M. Nakagawa FFRI Security IncMeng Zhang (鲸落) NorthSeaJubaer Alnazi @h33tjubaer Csaba Fitzl @theevilbit Offensive SecurityClemens Lang Patrick Reardon CVE-2024-23220 scj643 Om Kothawade Cristian Dinca Computer ScienceRomania

Affected Software	Affected Version	How to fix
Apple visionOS	<1.1	1.1
Apple macOS Monterey	<12.7.4	12.7.4
Apple macOS	<14.4	14.4
Apple macOS	<13.6.5	13.6.5
tvOS	<17.4	17.4
Apple iOS	<17.4	17.4
iPadOS	<17.4	17.4
Apple iOS	<16.7.6	16.7.6
iPadOS	<16.7.6	16.7.6
iPadOS	<16.7.6
iPadOS	>=17.0<17.4
Apple iPhone OS	<16.7.6
Apple iPhone OS	>=17.0<17.4
Apple macOS	>=12.0<12.7.4
Apple macOS	>=13.0<13.6.5
Apple macOS	>=14.0<14.4
tvOS	<17.4
Apple visionOS	<1.1

Never miss a vulnerability like this again

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2024-23262
CVE-2024-23257
CVE-2024-23258
CVE-2024-23286
CVE-2024-23235
CVE-2024-23265
CVE-2024-23225
CVE-2024-23264
CVE-2024-23295
CVE-2024-23296
CVE-2024-23220
CVE-2024-23246
CVE-2024-23226
CVE-2024-23254
CVE-2024-23263
CVE-2024-23284
CVE-2024-23276
CVE-2024-23227
CVE-2024-23269
CVE-2024-23247
CVE-2024-23218
CVE-2024-23299
CVE-2024-23244
CVE-2024-23270
CVE-2024-23234
CVE-2024-23266
CVE-2024-23201
CVE-2023-28826
CVE-2024-23283
CVE-2024-23274
CVE-2024-23268
CVE-2024-23275
CVE-2024-23267
CVE-2024-23216
CVE-2024-23230
CVE-2024-23204
CVE-2024-23245
CVE-2024-23272
CVE-2023-40389
CVE-2024-23291
CVE-2024-27886
CVE-2024-23233
CVE-2024-23288
CVE-2024-23277
CVE-2024-23248
CVE-2024-23249
CVE-2024-23250
CVE-2024-23205
CVE-2022-48554
CVE-2024-23229
CVE-2024-27789
CVE-2024-23253
CVE-2024-27853
CVE-2024-23278
CVE-2024-0258
CVE-2024-23279
CVE-2024-23287
CVE-2024-23285
CVE-2024-27809
CVE-2024-27887
CVE-2023-48795
CVE-2023-51384
CVE-2023-51385
CVE-2022-42816
CVE-2023-42853
CVE-2024-27888
CVE-2024-23255
CVE-2024-23294
CVE-2024-23259
CVE-2024-23273
CVE-2024-23238
CVE-2024-23239
CVE-2024-23290
CVE-2024-23232
CVE-2024-23231
CVE-2024-23292
CVE-2024-23289
CVE-2024-23293
CVE-2024-23241
CVE-2024-23242
CVE-2024-23281
CVE-2024-27792
CVE-2024-23261
CVE-2024-23260
CVE-2024-23280
CVE-2024-23203
CVE-2024-23217
CVE-2024-23297
CVE-2024-23243
CVE-2024-23240
CVE-2024-23256
CVE-2024-54658
CVE-2024-27859

Frequently Asked Questions

What is the severity of CVE-2024-23264?
CVE-2024-23264 is classified as a moderate severity vulnerability.
How do I fix CVE-2024-23264?
To fix CVE-2024-23264, update to the latest versions of the affected Apple software as specified in the vulnerability report.
What software is affected by CVE-2024-23264?
CVE-2024-23264 affects various Apple platforms including iOS, iPadOS, tvOS, macOS Monterey, macOS Ventura, macOS Sonoma, and visionOS.
What type of issue is CVE-2024-23264?
CVE-2024-23264 is a validation issue that was addressed with improved input sanitization.
What can an attacker potentially do with CVE-2024-23264?
An attacker may exploit CVE-2024-23264 to read restricted memory, which could lead to data exposure.

agent/type
agent/first-publish-date
collector/apple-support
source/Apple
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/trending
agent/source
agent/software-canonical-lookup-request
agent/event
agent/weakness
agent/references
agent/author
agent/description
collector/nvd-api
source/NVD
agent/softwarecombine
agent/tags
alias/CVE-2024-27853
alias/CVE-2024-23278
alias/CVE-2024-0258
alias/CVE-2024-23279
alias/CVE-2024-23287
alias/CVE-2024-23264
alias/CVE-2024-23285
alias/CVE-2024-27809
alias/CVE-2024-23283
alias/CVE-2024-27887
alias/CVE-2023-48795
alias/CVE-2023-51384
alias/CVE-2023-51385
alias/CVE-2022-42816
alias/CVE-2024-23216
alias/CVE-2024-23267
alias/CVE-2024-23268
alias/CVE-2024-23274
alias/CVE-2023-42853
alias/CVE-2024-23275
alias/CVE-2024-27888
alias/CVE-2024-23255
alias/CVE-2024-23294
alias/CVE-2024-23296
alias/CVE-2024-23259
alias/CVE-2024-23273
alias/CVE-2024-23238
alias/CVE-2024-23239
alias/CVE-2024-23290
alias/CVE-2024-23232
alias/CVE-2024-23231
alias/CVE-2024-23230
alias/CVE-2024-23245
alias/CVE-2024-23292
alias/CVE-2024-23289
alias/CVE-2024-23293
alias/CVE-2024-23241
alias/CVE-2024-23272
alias/CVE-2024-23242
alias/CVE-2024-23281
alias/CVE-2024-27792
alias/CVE-2024-23261
alias/CVE-2024-23260
alias/CVE-2024-23246
alias/CVE-2024-54658
alias/CVE-2024-23226
alias/CVE-2024-27859
alias/CVE-2024-23254
alias/CVE-2024-23263
alias/CVE-2024-23280
alias/CVE-2024-23284
alias/CVE-2024-23257
alias/CVE-2024-23258
alias/CVE-2024-23286
alias/CVE-2024-23234
alias/CVE-2024-23266
alias/CVE-2024-23235
alias/CVE-2024-23265
alias/CVE-2024-23225
alias/CVE-2024-23248
alias/CVE-2024-23249
alias/CVE-2024-23250
alias/CVE-2024-23299
alias/CVE-2024-23244
alias/CVE-2024-23205
alias/CVE-2022-48554
alias/CVE-2024-23229
alias/CVE-2024-27789
alias/CVE-2024-23253
alias/CVE-2024-23270
alias/CVE-2024-23277
alias/CVE-2024-23247
alias/CVE-2024-23288
alias/CVE-2024-23227
alias/CVE-2024-27886
alias/CVE-2024-23233
alias/CVE-2024-23269
alias/CVE-2024-23276
alias/CVE-2024-23201
alias/CVE-2023-28826
alias/CVE-2024-23204
alias/CVE-2023-40389
alias/CVE-2024-23218
alias/CVE-2024-23203
alias/CVE-2024-23295
alias/CVE-2024-23220
alias/CVE-2024-23297
alias/CVE-2024-23240
alias/CVE-2024-23256
alias/CVE-2024-23262
alias/CVE-2024-23291
alias/CVE-2024-23217
vendor/apple
canonical/apple visionos
canonical/apple macos monterey
canonical/apple macos
canonical/tvos
canonical/apple ios
canonical/ipados
version/ipados/17.0
canonical/apple iphone os
version/apple iphone os/17.0
version/apple macos/12.0
version/apple macos/13.0
version/apple macos/14.0