First published: Mon May 13 2024(Updated: )
Apple Neural Engine. The issue was addressed with improved memory handling.
Credit: Dohyun Lee @l33d0hyun Minghao Lin Baidu Security Baidu SecurityYe Zhang @VAR10CK Baidu SecurityMeysam Firouzi @R00tkitSMM Mickey Jin @patch1t an anonymous researcher Kirin @Pwnrin 小来来 @Smi1eSEC pattern-f @pattern_F_ Ant Security LightAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsLucas Monteiro Daniel Monteiro Felipe Monteiro Alexander Heinrich SEEMOO TU Darmstadt @Sn0wfreeze Shai Mishali @freak4pc CertiK SkyFall Team Junsung Lee Trend Micro Zero Day InitiativePan ZhenPeng @Peterpan0927 STAR Labs SG Ptean anonymous researcher MIT CSAIL MIT CSAILJoseph Ravichandran @0xjprx MIT CSAILPr BarPr Hebrew UniversityEP Nick Wellnhofer Gil Pedersen LFY @secsys Fudan UniversityTalal Haj Bakry Mysk IncTommy Mysk @mysk_co Mysk IncDaniel Zajork Joshua Zajork Meysam Firouzi @R00tkitsmm Trend Micro Zero Day InitiativeMichael DePlante @izobashi Trend Micro Zero Day InitiativeAndr.Ess Adam Berry Csaba Fitzl @theevilbit KandjiLFY @secsys yulige Snoolie Keffaber @0xilis Robert Reichel Srijan Poudel CVE-2024-27806 Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology BhopalRomy R. ajajfxhj Maksymilian Motyl Immunity SystemsManfred Paul @_manfp Trend Micro's Zero Day InitiativeEmilio Cobos MozillaLukas Bernhard CISPA Helmholtz Center for Information SecurityManfred Paul @_manfp Trend Micro Zero Day InitiativeNan Wang @eternalsakura13 360 Vulnerability Research InstituteJoe Rutkowski @Joe12387 Crawless @abrahamjuliot Jeff Johnson underpassappDalibor Milanovic CVE-2024-23296 Ron Masas ImpervaScott Johnson RIPEDA ConsultingMykola Grymalyuk RIPEDA ConsultingJordy Witteman Carlos Polop Pedro Tôrres @t0rr3sp3dr0 Narendra Bhati Suma Soft PvtShaheen Fazim Yann GASCUEL Alter SolutionsPwn2car Trend Micro's Zero Day Initiative Trend Micro's Zero Day InitiativeMichael DePlante @izobashi Trend Micro's Zero Day Initiative product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS | <14.5 | 14.5 |
Apple iOS, iPadOS, and watchOS | <16.7.8 | 16.7.8 |
Apple iOS, iPadOS, and watchOS | <16.7.8 | 16.7.8 |
Apple iOS, iPadOS, and watchOS | <17.5 | 17.5 |
Apple iOS, iPadOS, and watchOS | <17.5 | 17.5 |
Apple iOS, iPadOS, and watchOS | <10.5 | 10.5 |
Apple iOS, iPadOS, and watchOS | <16.7.8 | |
Apple iOS, iPadOS, and watchOS | >=17.0<17.5 | |
iStyle @cosme iPhone OS | <16.7.8 | |
iStyle @cosme iPhone OS | >=17.0<17.5 | |
Apple iOS and macOS | >=14.0<14.5 | |
Apple iOS, iPadOS, and watchOS | <10.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2024-23282 has been assessed to have a high severity due to potential unauthorized FaceTime calls from malicious emails.
CVE-2024-23282 affects macOS, iOS, iPadOS, and watchOS versions prior to the latest updates.
To fix CVE-2024-23282, you should update to macOS Sonoma 14.5, iOS 17.5, iPadOS 17.5, or watchOS 10.5.
CVE-2024-23282 is a vulnerability that enables potential unauthorized initiation of FaceTime calls through maliciously crafted emails.
CVE-2024-23282 was disclosed as part of a standard security bulletin update by Apple.