CVE-2024-23296: Apple Multiple Products Memory Corruption Vulnerability
First published: Tue Mar 05 2024(Updated: )
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Credit: CVE-2024-23296 CVE-2024-23296 CVE-2024-23296 CVE-2024-23296 CVE-2024-23296 CVE-2024-23296 CVE-2024-23296 CVE-2024-23296 product-security@apple.com product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple watchOS | <10.4 | 10.4 |
| Apple tvOS | <17.4 | 17.4 |
| Apple visionOS | <1.1 | 1.1 |
| Apple iOS | <17.4 | 17.4 |
| Apple iPadOS | <17.4 | 17.4 |
| Apple macOS Ventura | <13.6.7 | 13.6.7 |
| Apple iOS | <16.7.8 | 16.7.8 |
| Apple iPadOS | <16.7.8 | 16.7.8 |
| Apple macOS Sonoma | <14.4 | 14.4 |
| Apple macOS Monterey | <12.7.6 | 12.7.6 |
| Apple Ipad Os | <16.7.8 | |
| Apple Ipad Os | >=17.0<17.4 | |
| Apple iPhone OS | <16.7.8 | |
| Apple iPhone OS | >=17.0<17.4 | |
| Apple macOS | >=12.0<12.7.6 | |
| Apple macOS | >=13.0<13.6.7 | |
| Apple macOS | >=14.0<14.4 | |
| Apple tvOS | <17.4 | |
| Apple visionOS | <1.1 | |
| Apple watchOS | <10.4 | |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.theregister.com/2024/03/06/iphone_ipad_zero_days/
- https://www.theregister.com/2024/03/11/infosec_news_in_brief/
- https://www.theregister.com/2024/05/14/microsoft_may_patch_tuesday/
- https://support.apple.com/en-us/HT214088 (Advisory)
- https://support.apple.com/en-us/HT214086 (Advisory)
- https://support.apple.com/en-us/HT214087 (Advisory)
- https://support.apple.com/en-us/HT214081 (Advisory)
- https://support.apple.com/en-us/HT214107 (Advisory)
- https://support.apple.com/en-us/HT214100 (Advisory)
- https://support.apple.com/en-us/HT214084 (Advisory)
- https://support.apple.com/en-us/HT214118 (Advisory)
- https://support.apple.com/kb/HT214088
- https://support.apple.com/kb/HT214084
- https://support.apple.com/kb/HT214086
- https://support.apple.com/kb/HT214087
- http://seclists.org/fulldisclosure/2024/Mar/18
- http://seclists.org/fulldisclosure/2024/Mar/21
- http://seclists.org/fulldisclosure/2024/Mar/25
- http://seclists.org/fulldisclosure/2024/Mar/24
- http://seclists.org/fulldisclosure/2024/Mar/26
- https://support.apple.com/kb/HT214107
- http://seclists.org/fulldisclosure/2024/May/11
- http://seclists.org/fulldisclosure/2024/May/13
- https://support.apple.com/kb/HT214100
- https://support.apple.com/kb/HT214118
- http://seclists.org/fulldisclosure/2024/Jul/20
- https://support.apple.com/en-us/HT214081,
- https://support.apple.com/en-us/HT214082,
- https://support.apple.com/en-us/HT214084,
- https://support.apple.com/en-us/HT214086,
- https://nvd.nist.gov/vuln/detail/CVE-2024-23296
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-23225
- CVE-2024-23243
- CVE-2024-23256
- CVE-2024-23291
- CVE-2024-23288
- CVE-2024-23250
- CVE-2022-48554
- CVE-2024-23286
- CVE-2024-23235
- CVE-2024-23265
- CVE-2024-23278
- CVE-2024-0258
- CVE-2024-23297
- CVE-2024-23287
- CVE-2024-23296
- CVE-2024-23239
- CVE-2024-23290
- CVE-2024-23231
- CVE-2024-23289
- CVE-2024-23293
- CVE-2024-23246
- CVE-2024-23226
- CVE-2024-23254
- CVE-2024-23263
- CVE-2024-23280
- CVE-2024-23284
- CVE-2024-23270
- CVE-2024-23264
- CVE-2024-23241
- CVE-2024-23262
- CVE-2024-23257
- CVE-2024-23258
- CVE-2024-23295
- CVE-2024-23220
- CVE-2024-23277
- CVE-2024-23205
- CVE-2024-23240
- CVE-2024-23255
- CVE-2024-23259
- CVE-2024-23273
- CVE-2024-23292
- CVE-2024-23242
- CVE-2024-27805
- CVE-2024-27817
- CVE-2024-27831
- CVE-2024-27827
- CVE-2024-27789
- CVE-2024-27799
- CVE-2024-27840
- CVE-2024-27823
- CVE-2023-42861
- CVE-2024-27810
- CVE-2024-27800
- CVE-2024-27802
- CVE-2024-27885
- CVE-2024-27824
- CVE-2024-27843
- CVE-2024-27855
- CVE-2024-27806
- CVE-2024-27798
- CVE-2024-27847
- CVE-2024-27796
- CVE-2024-27818
- CVE-2024-23251
- CVE-2024-23282
- CVE-2024-27807
- CVE-2024-27838
- CVE-2024-27833
- CVE-2024-27834
- CVE-2024-27820
- CVE-2024-23276
- CVE-2024-23227
- CVE-2024-27886
- CVE-2024-23233
- CVE-2024-23269
- CVE-2024-23247
- CVE-2024-23248
- CVE-2024-23249
- CVE-2024-23299
- CVE-2024-23244
- CVE-2024-23229
- CVE-2024-23253
- CVE-2024-23234
- CVE-2024-23266
- CVE-2024-27853
- CVE-2024-23279
- CVE-2024-23285
- CVE-2024-27809
- CVE-2024-23283
- CVE-2024-27887
- CVE-2023-48795
- CVE-2023-51384
- CVE-2023-51385
- CVE-2022-42816
- CVE-2024-23216
- CVE-2024-23267
- CVE-2024-23268
- CVE-2024-23274
- CVE-2023-42853
- CVE-2024-23275
- CVE-2024-27888
- CVE-2024-23294
- CVE-2024-23238
- CVE-2024-23232
- CVE-2024-23230
- CVE-2024-23245
- CVE-2024-23272
- CVE-2024-23281
- CVE-2024-27792
- CVE-2024-23261
- CVE-2024-23260
- CVE-2024-40783
- CVE-2024-27826
- CVE-2024-40775
- CVE-2024-40774
- CVE-2024-27877
- CVE-2024-40799
- CVE-2024-27873
- CVE-2024-2004
- CVE-2024-2379
- CVE-2024-2398
- CVE-2024-2466
- CVE-2024-40827
- CVE-2024-40828
- CVE-2023-6277
- CVE-2023-52356
- CVE-2024-40806
- CVE-2024-40816
- CVE-2024-40788
- CVE-2024-40803
- CVE-2024-40796
- CVE-2024-6387
- CVE-2024-40781
- CVE-2024-40802
- CVE-2024-40823
- CVE-2024-27882
- CVE-2024-27883
- CVE-2024-40800
- CVE-2024-40817
- CVE-2024-27881
- CVE-2024-40821
- CVE-2024-40798
- CVE-2024-40833
- CVE-2024-40835
- CVE-2024-40807
- CVE-2024-40834
- CVE-2024-40787
- CVE-2024-40793
- CVE-2024-40809
- CVE-2024-40812
- agent/first-publish-date
- agent/type
- collector/the-register
- source/The Register
- alias/CVE-2024-23225
- alias/CVE-2024-23296
- alias/CVE-2024-23243
- alias/CVE-2024-23256
- zeroday/true
- agent/news-ai
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- alias/CVE-2024-21338
- alias/CVE-2024-23277
- alias/CVE-2024-23288
- agent/description
- agent/title
- alias/CVE-2024-30051
- alias/CVE-2024-30040
- alias/CVE-2024-30044
- alias/CVE-2024-27834
- alias/CVE-2024-4761
- alias/CVE-2024-22267
- alias/CVE-2024-22268
- alias/CVE-2024-22269
- alias/CVE-2024-22270
- alias/CVE-2024-22476
- alias/CVE-2024-21792
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-cve
- vendor/apple
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple visionos
- canonical/apple ios
- canonical/apple ipados
- canonical/apple macos ventura
- canonical/apple macos sonoma
- canonical/apple macos monterey
- canonical/apple ipad os
- version/apple ipad os/17.0
- canonical/apple iphone os
- version/apple iphone os/17.0
- canonical/apple macos
- version/apple macos/12.0
- version/apple macos/13.0
- version/apple macos/14.0
- canonical/apple multiple products