{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2024-23225", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2024-01-12T22:22:21.478Z", "datePublished": "2024-03-05T19:24:12.330Z", "dateUpdated": "2026-04-02T18:20:00.500Z" }, "containers": { "cna": { "problemTypes": [ { "descriptions": [ { "lang": "en", "description": "An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited." } ] } ], "affected": [ { "vendor": "Apple", "product": "iOS and iPadOS", "versions": [ { "version": "0", "status": "affected", "lessThan": "16.7.6", "versionType": "custom" }, { "version": "0", "status": "affected", "lessThan": "17.4", "versionType": "custom" } ] }, { "vendor": "Apple", "product": "macOS", "versions": [ { "version": "0", "status": "affected", "lessThan": "12.7.4", "versionType": "custom" }, { "version": "0", "status": "affected", "lessThan": "13.6.5", "versionType": "custom" }, { "version": "0", "status": "affected", "lessThan": "14.4", "versionType": "custom" } ] }, { "vendor": "Apple", "product": "tvOS", "versions": [ { "version": "0", "status": "affected", "lessThan": "17.4", "versionType": "custom" } ] }, { "vendor": "Apple", "product": "visionOS", "versions": [ { "version": "0", "status": "affected", "lessThan": "1.1", "versionType": "custom" } ] }, { "vendor": "Apple", "product": "watchOS", "versions": [ { "version": "0", "status": "affected", "lessThan": "10.4", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited." } ], "references": [ { "url": "https://support.apple.com/en-us/120880" }, { "url": "https://support.apple.com/en-us/120881" }, { "url": "https://support.apple.com/en-us/120882" }, { "url": "https://support.apple.com/en-us/120883" }, { "url": "https://support.apple.com/en-us/120884" }, { "url": "https://support.apple.com/en-us/120886" }, { "url": "https://support.apple.com/en-us/120893" }, { "url": "https://support.apple.com/en-us/120895" } ], "providerMetadata": { "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:20:00.500Z" } }, "adp": [ { "metrics": [ { "cvssV3_1": { "scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH" } }, { "other": { "type": "ssvc", "content": { "id": "CVE-2024-23225", "role": "CISA Coordinator", "options": [ { "Exploitation": "active" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "version": "2.0.3", "timestamp": "2024-08-28T13:58:10.651057Z" } } }, { "other": { "type": "kev", "content": { "dateAdded": "2024-03-06", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23225" } } } ], "affected": [ { "cpes": [ "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*" ], "vendor": "apple", "product": "ipad_os", "versions": [ { "status": "affected", "version": "17.0", "lessThan": "17.4", "versionType": "custom" } ], "defaultStatus": "unknown" }, { "cpes": [ "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*" ], "vendor": "apple", "product": "ipad_os", "versions": [ { "status": "affected", "version": "0", "lessThan": "16.7.6", "versionType": "custom" } ], "defaultStatus": "unknown" }, { "cpes": [ "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*" ], "vendor": "apple", "product": "iphone_os", "versions": [ { "status": "affected", "version": "0", "lessThan": "16.7.6", "versionType": "custom" } ], "defaultStatus": "unknown" }, { "cpes": [ "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*" ], "vendor": "apple", "product": "iphone_os", "versions": [ { "status": "affected", "version": "17.0", "lessThan": "17.4", "versionType": "custom" } ], "defaultStatus": "unknown" }, { "cpes": [ "cpe:2.3:o:apple:macos:12.0.0:*:*:*:*:*:*:*" ], "vendor": "apple", "product": "macos", "versions": [ { "status": "affected", "version": "12.0.0", "lessThan": "12.7.4", "versionType": "custom" } ], "defaultStatus": "unknown" }, { "cpes": [ "cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*" ], "vendor": "apple", "product": "macos", "versions": [ { "status": "affected", "version": "13.0", "lessThan": "13.6.5", "versionType": "custom" } ], "defaultStatus": "unknown" }, { "cpes": [ "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*" ], "vendor": "apple", "product": "macos", "versions": [ { "status": "affected", "version": "14.0", "lessThan": "14.4", "versionType": "custom" } ], "defaultStatus": "unknown" }, { "cpes": [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*" ], "vendor": "apple", "product": "tvos", "versions": [ { "status": "affected", "version": "0", "lessThan": "17.4", "versionType": "custom" } ], "defaultStatus": "unknown" }, { "cpes": [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*" ], "vendor": "apple", "product": "visionos", "versions": [ { "status": "affected", "version": "0", "lessThan": "1.1", "versionType": "custom" } ], "defaultStatus": "unknown" }, { "cpes": [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*" ], "vendor": "apple", "product": "watchos", "versions": [ { "status": "affected", "version": "0", "lessThan": "10.4", "versionType": "custom" } ], "defaultStatus": "unknown" } ], "references": [ { "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23225", "tags": [ "government-resource" ] } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write" } ] } ], "timeline": [ { "time": "2024-03-06T00:00:00.000Z", "lang": "en", "value": "CVE-2024-23225 added to CISA KEV" } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-21T23:05:23.414Z" } }, { "title": "CVE Program Container", "references": [ { "url": "https://support.apple.com/en-us/HT214081", "tags": [ "x_transferred" ] }, { "url": "https://support.apple.com/en-us/HT214082", "tags": [ "x_transferred" ] }, { "url": "https://support.apple.com/kb/HT214083", "tags": [ "x_transferred" ] }, { "url": "https://support.apple.com/kb/HT214088", "tags": [ "x_transferred" ] }, { "url": "https://support.apple.com/kb/HT214084", "tags": [ "x_transferred" ] }, { "url": "https://support.apple.com/kb/HT214086", "tags": [ "x_transferred" ] }, { "url": "https://support.apple.com/kb/HT214085", "tags": [ "x_transferred" ] }, { "url": "https://support.apple.com/kb/HT214087", "tags": [ "x_transferred" ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/19", "tags": [ "x_transferred" ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/18", "tags": [ "x_transferred" ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "tags": [ "x_transferred" ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/25", "tags": [ "x_transferred" ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/24", "tags": [ "x_transferred" ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "tags": [ "x_transferred" ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/23", "tags": [ "x_transferred" ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/26", "tags": [ "x_transferred" ] }, { "url": "https://support.apple.com/kb/HT214082" } ], "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T18:24:41.097Z" } } ] } }