Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0185
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Apple. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
D'après l'éditeur, les vulnérabilités CVE-2024-23225 et CVE-2024-23296 sont activement exploitées.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions 17.x ant\u00e9rieures \u00e0 17.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 17.x ant\u00e9rieures \u00e0 17.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 16.7.x ant\u00e9rieures \u00e0 16.7.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 16.7.x ant\u00e9rieures \u00e0 16.7.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-23296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23296"
},
{
"name": "CVE-2024-23243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23243"
},
{
"name": "CVE-2024-23225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23225"
},
{
"name": "CVE-2024-23256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23256"
}
],
"initial_release_date": "2024-03-06T00:00:00",
"last_revision_date": "2024-03-06T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0185",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nun contournement de la politique de s\u00e9curit\u00e9.\n\nD\u0027apr\u00e8s l\u0027\u00e9diteur, les vuln\u00e9rabilit\u00e9s CVE-2024-23225 et CVE-2024-23296\nsont activement exploit\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214081 du 05 mars 2024",
"url": "https://support.apple.com/en-us/HT214081"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214082 du 05 mars 2024",
"url": "https://support.apple.com/en-us/HT214082"
}
]
}
CVE-2024-23243 (GCVE-0-2024-23243)
Vulnerability from cvelistv5
Published
2024-03-05 19:24
Modified
2025-02-13 17:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- An app may be able to read sensitive location information
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read sensitive location information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/18"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T13:32:29.736388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T21:42:31.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read sensitive location information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to read sensitive location information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T21:06:20.991Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT214081"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/18"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-23243",
"datePublished": "2024-03-05T19:24:15.717Z",
"dateReserved": "2024-01-12T22:22:21.483Z",
"dateUpdated": "2025-02-13T17:34:12.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23256 (GCVE-0-2024-23256)
Vulnerability from cvelistv5
Published
2024-03-05 19:24
Modified
2025-02-13 17:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- A user's locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled
Summary
A logic issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4. A user's locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/18"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:09:11.353040Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T19:57:17.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4. A user\u0027s locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A user\u0027s locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T21:06:17.242Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT214081"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/18"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-23256",
"datePublished": "2024-03-05T19:24:10.817Z",
"dateReserved": "2024-01-12T22:22:21.488Z",
"dateUpdated": "2025-02-13T17:34:20.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23296 (GCVE-0-2024-23296)
Vulnerability from cvelistv5
Published
2024-03-05 19:24
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Summary
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipad_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "14.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "visionos",
"vendor": "apple",
"versions": [
{
"lessThan": "1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "watchos",
"vendor": "apple",
"versions": [
{
"lessThan": "10.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23296",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-09T05:00:52.848270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-03-06",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23296"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:23.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23296"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-06T00:00:00+00:00",
"value": "CVE-2024-23296 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214088"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214084"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214086"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214087"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/18"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214107"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/11"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/13"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214100"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214118"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T22:07:07.727Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT214081"
},
{
"url": "https://support.apple.com/kb/HT214088"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"url": "https://support.apple.com/kb/HT214086"
},
{
"url": "https://support.apple.com/kb/HT214087"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/18"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"url": "https://support.apple.com/kb/HT214107"
},
{
"url": "http://seclists.org/fulldisclosure/2024/May/11"
},
{
"url": "http://seclists.org/fulldisclosure/2024/May/13"
},
{
"url": "https://support.apple.com/kb/HT214100"
},
{
"url": "https://support.apple.com/kb/HT214118"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/20"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-23296",
"datePublished": "2024-03-05T19:24:13.999Z",
"dateReserved": "2024-01-12T22:22:21.502Z",
"dateUpdated": "2025-10-21T23:05:23.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23225 (GCVE-0-2024-23225)
Vulnerability from cvelistv5
Published
2024-03-05 19:24
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Summary
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipad_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipad_os",
"vendor": "apple",
"versions": [
{
"lessThan": "16.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "16.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:12.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "12.7.4",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "13.6.5",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "14.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "visionos",
"vendor": "apple",
"versions": [
{
"lessThan": "1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "watchos",
"vendor": "apple",
"versions": [
{
"lessThan": "10.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23225",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:58:10.651057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-03-06",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23225"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:23.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23225"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-06T00:00:00+00:00",
"value": "CVE-2024-23225 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214082"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214083"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214088"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214084"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214086"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214085"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214087"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/19"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/18"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/23"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T21:06:12.747Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT214081"
},
{
"url": "https://support.apple.com/en-us/HT214082"
},
{
"url": "https://support.apple.com/kb/HT214083"
},
{
"url": "https://support.apple.com/kb/HT214088"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"url": "https://support.apple.com/kb/HT214086"
},
{
"url": "https://support.apple.com/kb/HT214085"
},
{
"url": "https://support.apple.com/kb/HT214087"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/19"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/18"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/23"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-23225",
"datePublished": "2024-03-05T19:24:12.330Z",
"dateReserved": "2024-01-12T22:22:21.478Z",
"dateUpdated": "2025-10-21T23:05:23.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…