CVE-2024-23225 vulnerability in Apple Products
Published on March 5, 2024
Known Exploited Vulnerability
This Apple iOS and iPadOS Memory Corruption Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Apple iOS and iPadOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
The following remediation steps are recommended / required by March 27, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2024-23225 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
What is a Memory Corruption Vulnerability?
The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
CVE-2024-23225 has been classified to as a Memory Corruption vulnerability or weakness.
Products Associated with CVE-2024-23225
You can be notified by stack.watch whenever vulnerabilities like CVE-2024-23225 are published in these products:
What versions are vulnerable to CVE-2024-23225?
- Apple iPad OS Fixed in Version 16.7.6
- Apple iOS Version 17.0 Fixed in Version 17.4
- Apple iPad OS Version 17.0 Fixed in Version 17.4
- Apple iOS Fixed in Version 16.7.6
- Apple Macos Version 12.0 Fixed in Version 12.7.4
- Apple Macos Version 14.0 Fixed in Version 14.4
- Apple Macos Version 13.0 Fixed in Version 13.6.5
- Apple TV OS Fixed in Version 17.4
- Apple Visionos Fixed in Version 1.1
- Apple Watch OS Fixed in Version 10.4