CVE-2024-23296: Apple Multiple Products Memory Corruption Vulnerability
First published: Tue Mar 05 2024(Updated: )
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Credit: CVE-2024-23296 product-security@apple.com CVE-2024-23296 CVE-2024-23296 CVE-2024-23296
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS | <17.4 | 17.4 |
| Apple iPadOS | <17.4 | 17.4 |
| Apple macOS Sonoma | <14.4 | 14.4 |
| Apple tvOS | <17.4 | 17.4 |
| Apple watchOS | <10.4 | 10.4 |
| Apple visionOS | <1.1 | 1.1 |
| Apple iOS | <17.4 | |
| Apple iPhone OS | <17.4 | |
| Apple macOS | >=14.0<14.4 | |
| Apple tvOS | <17.4 | |
| Apple visionOS | <1.1 | |
| Apple watchOS | <10.4 | |
| Apple Multiple Products |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.theregister.com/2024/03/06/iphone_ipad_zero_days/
- https://www.theregister.com/2024/03/11/infosec_news_in_brief/
- https://support.apple.com/en-us/HT214086 (Advisory)
- https://support.apple.com/en-us/HT214088 (Advisory)
- https://support.apple.com/en-us/HT214087 (Advisory)
- https://support.apple.com/en-us/HT214081 (Advisory)
- https://support.apple.com/kb/HT214088
- https://support.apple.com/kb/HT214084
- https://support.apple.com/kb/HT214086
- https://support.apple.com/kb/HT214087
- http://seclists.org/fulldisclosure/2024/Mar/18
- http://seclists.org/fulldisclosure/2024/Mar/21
- http://seclists.org/fulldisclosure/2024/Mar/25
- http://seclists.org/fulldisclosure/2024/Mar/24
- http://seclists.org/fulldisclosure/2024/Mar/26
- https://support.apple.com/en-us/HT214081,
- https://support.apple.com/en-us/HT214082,
- https://support.apple.com/en-us/HT214084,
- https://support.apple.com/en-us/HT214086,
- https://support.apple.com/en-us/HT214084 (Advisory)
- https://support.apple.com/kb/HT214081
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-23225
- CVE-2024-23243
- CVE-2024-23256
- CVE-2024-23291
- CVE-2024-23288
- CVE-2024-23250
- CVE-2022-48554
- CVE-2024-23270
- CVE-2024-23286
- CVE-2024-23235
- CVE-2024-23265
- CVE-2024-23278
- CVE-2024-0258
- CVE-2024-23297
- CVE-2024-23264
- CVE-2024-23296
- CVE-2024-23239
- CVE-2024-23290
- CVE-2024-23293
- CVE-2024-23241
- CVE-2024-23246
- CVE-2024-23226
- CVE-2024-23254
- CVE-2024-23263
- CVE-2024-23280
- CVE-2024-23284
- CVE-2024-23287
- CVE-2024-23231
- CVE-2024-23289
- CVE-2024-23262
- CVE-2024-23257
- CVE-2024-23258
- CVE-2024-23295
- CVE-2024-23220
- CVE-2024-23276
- CVE-2024-23227
- CVE-2024-23233
- CVE-2024-23269
- CVE-2024-23277
- CVE-2024-23247
- CVE-2024-23248
- CVE-2024-23249
- CVE-2024-23244
- CVE-2024-23205
- CVE-2024-23253
- CVE-2024-23234
- CVE-2024-23266
- CVE-2024-23279
- CVE-2024-23285
- CVE-2024-23283
- CVE-2023-48795
- CVE-2023-51384
- CVE-2023-51385
- CVE-2022-42816
- CVE-2024-23216
- CVE-2024-23267
- CVE-2024-23268
- CVE-2024-23274
- CVE-2023-42853
- CVE-2024-23275
- CVE-2024-23255
- CVE-2024-23294
- CVE-2024-23259
- CVE-2024-23273
- CVE-2024-23238
- CVE-2024-23232
- CVE-2024-23230
- CVE-2024-23245
- CVE-2024-23292
- CVE-2024-23272
- CVE-2024-23242
- CVE-2024-23281
- CVE-2024-23260
- CVE-2024-23240
- agent/first-publish-date
- agent/type
- collector/the-register
- source/The Register
- alias/CVE-2024-23225
- alias/CVE-2024-23296
- alias/CVE-2024-23243
- alias/CVE-2024-23256
- zeroday/true
- agent/news-ai
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- alias/CVE-2024-21338
- alias/CVE-2024-23277
- alias/CVE-2024-23288
- agent/event
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/tags
- agent/softwarecombine
- agent/description
- collector/nvd-api
- source/NVD
- agent/title
- agent/last-modified-date
- vendor/apple
- canonical/apple tvos
- canonical/apple watchos
- canonical/apple visionos
- canonical/apple multiple products
- canonical/apple ios
- canonical/apple iphone os
- canonical/apple macos
- version/apple macos/14.0
- canonical/apple macos sonoma
- canonical/apple ipados