A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since March 6, 2024.

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Apple
  • Ipad Os
  • Iphone Os
  • Macos
  • Tvos
  • Visionos
  • Watchos

Configuration 1 [-]

OR cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

No data.

References
Link Providers
http://seclists.org/fulldisclosure/2024/Jul/20 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Mar/18 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Mar/21 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Mar/24 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Mar/25 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Mar/26 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/May/11 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/May/13 cve-icon cve-icon
https://support.apple.com/en-us/HT214081 cve-icon cve-icon
https://support.apple.com/kb/HT214084 cve-icon cve-icon
https://support.apple.com/kb/HT214086 cve-icon cve-icon
https://support.apple.com/kb/HT214087 cve-icon cve-icon
https://support.apple.com/kb/HT214088 cve-icon cve-icon
https://support.apple.com/kb/HT214100 cve-icon cve-icon
https://support.apple.com/kb/HT214107 cve-icon cve-icon
https://support.apple.com/kb/HT214118 cve-icon cve-icon
History

Wed, 30 Jul 2025 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-03-05T19:24:13.999Z

Updated: 2025-07-30T01:37:06.098Z

Reserved: 2024-01-12T22:22:21.502Z

Link: CVE-2024-23296

cve-icon Vulnrichment

Updated: 2024-08-01T22:59:32.205Z

cve-icon NVD

Status : Analyzed

Published: 2024-03-05T20:16:01.553

Modified: 2024-12-20T16:51:47.810

Link: CVE-2024-23296

cve-icon Redhat

No data.