CVE-2024-23225

Published: 05/03/2024 Updated: 23/05/2024
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

Vulnerable Product

apple ipad os

apple iphone os

apple macos

apple tvos

apple visionos

apple watchos

Vendor Advisories

About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page. Apple security documents reference vulnerabilities by CVE-ID whe ...

Mailing Lists

APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5: macOS Ventura 13.6.5 addresses the following issues. Information about the security content is also available at support.apple.com/kb/HT214085. Apple maintains a Security Releases page at support.apple.com/HT201222 which lists recent softwa ...
APPLE-SA-03-07-2024-2 macOS Sonoma 14.4: macOS Sonoma 14.4 addresses the following issues. Information about the security content is also available at support.apple.com/kb/HT214084. Apple maintains a Security Releases page at support.apple.com/HT201222 which lists recent software upd ...
APPLE-SA-03-07-2024-7 visionOS 1.1: visionOS 1.1 addresses the following issues. Information about the security content is also available at support.apple.com/kb/HT214087. Apple maintains a Security Releases page at support.apple.com/HT201222 which lists recent software updates with ...
APPLE-SA-03-07-2024-6 tvOS 17.4: tvOS 17.4 addresses the following issues. Information about the security content is also available at support.apple.com/kb/HT214086. Apple maintains a Security Releases page at support.apple.com/HT201222 which lists recent software updates with securi ...
APPLE-SA-03-07-2024-5 watchOS 10.4: watchOS 10.4 addresses the following issues. Information about the security content is also available at support.apple.com/kb/HT214088. Apple maintains a Security Releases page at support.apple.com/HT201222 which lists recent software updates with ...
APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4: macOS Monterey 12.7.4 addresses the following issues. Information about the security content is also available at support.apple.com/kb/HT214083. Apple maintains a Security Releases page at support.apple.com/HT201222 which lists recent soft ...
APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4: iOS 17.4 and iPadOS 17.4 addresses the following issues. Information about the security content is also available at support.apple.com/kb/HT214081. Apple maintains a Security Releases page at support.apple.com/HT201222 which lists recen ...
APPLE-SA-03-05-2024-2 iOS 16.7.6 and iPadOS 16.7.6: iOS 16.7.6 and iPadOS 16.7.6 addresses the following issues. Information about the security content is also available at support.apple.com/kb/HT214082. Apple maintains a Security Releases page at support.apple.com/HT201222 which lis ...

Recent Articles

Apple backports fix for zero-day exploited in attacks to older iPhones
BleepingComputer • Sergiu Gatlan • 13 May 2024

By Sergiu Gatlan, May 13, 2024, 05:47 PM. Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS zero-day tagged as exploited in attacks. In security advisories published today, Apple once again said they're aware of reports that this vulnerability "may have been actively exploited." The flaw is a memory corruption issue in Apple's RTKit real-time operating system that enables attacke...

Apple backports fix for RTKit iOS zero-day to older iPhones
BleepingComputer • Sergiu Gatlan • 13 May 2024

By Sergiu Gatlan, May 13, 2024, 05:47 PM. Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. In security advisories published today, Apple once again said they're aware of reports that this vulnerability "may have been actively exploited." The flaw is a memory corruption issue in Apple's RTKit real-time operating system that enables attackers w...

Apple fixes two new iOS zero-days exploited in attacks on iPhones
BleepingComputer • Lawrence Abrams • 05 Mar 2024

By Lawrence Abrams, March 5, 2024, 04:34 PM. Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones. "Apple is aware of a report that this issue may have been exploited," the company said in an advisory issued on Tuesday. The two bugs were found in the iOS Kernel (CVE-2024-23225) and RTKit (CVE-2024-23296), both allowing attackers with arbitrary kernel r...

Apple's trademark tight lips extend to new iPhone, iPad zero-days
The Register

Two flaws fixed, one knee bent to the EU, and a budding cybersecurity star feature in iOS 17.4

Apple's latest security patches address four vulnerabilities affecting iOS and iPadOS, including two zero-days that intel suggests attackers have already exploited. In typical Apple fashion, it's keeping most of the interesting details under wraps, but both have the potential to access data in the protected kernel. The consumer tech giant registered the vulnerability as CVE-2024-23225 and said that an attacker would already need to have kernel read and write capabilities to bypass the kernel mem...