CVE-2024-23225

2024-03-0519:24:12

apple

www.cve.org

memory corruption

validation

ios 16.7.6

ipados 16.7.6

ios 17.4

ipados 17.4

kernel memory protections

exploited

arbitrary kernel read

arbitrary kernel write

apple

AI Score

Confidence

High

EPSS

0.002

Percentile

58.9%

JSON

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "iOS and iPadOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "17.4",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "iOS and iPadOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "16.7",
        "versionType": "custom"
      }
    ]
  }
]