Skip to main content

Apple iOS CVE-2024-23225

HIGH
Out-of-bounds Write (CWE-787)
2024-03-05 product-security@apple.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Added to CISA KEV
Apr 03, 2026 - 11:43 cisa
CISA KEV
CVE Published
Mar 05, 2024 - 20:16 nvd
HIGH 7.8

DescriptionCVE.org

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

AnalysisAI

Kernel memory protection bypass in Apple iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows a local attacker who already possesses arbitrary kernel read/write primitives to defeat additional kernel mitigations and achieve full kernel compromise. The flaw is confirmed actively exploited (CISA KEV) and Apple has acknowledged reports of exploitation, making this a critical post-exploitation primitive used in real-world attack chains despite a modest 0.16% EPSS score indicating targeted rather than mass exploitation.

Technical ContextAI

The vulnerability is a memory corruption flaw (CWE-787, Out-of-bounds Write) in the XNU kernel shared across Apple's operating systems, addressed via improved validation according to Apple's advisory. CPE data confirms the issue spans the full Apple ecosystem - iPhone OS, iPadOS, macOS (Monterey, Ventura, Sonoma), tvOS, visionOS, and watchOS - indicating a shared kernel component. The bug enables bypass of kernel memory protections such as PPL (Page Protection Layer) or KTRR, mitigations specifically designed to contain attackers who already have kernel R/W, meaning this is a chained-exploit primitive rather than an initial entry point.

RemediationAI

Vendor-released patches are available: upgrade to iOS/iPadOS 16.7.6 or 17.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, or watchOS 10.4 - apply via standard Apple software update channels and Apple's support advisories. There are no practical pre-patch workarounds because the flaw lives in the kernel and is reachable from any code already running with kernel R/W; compensating controls focus on reducing initial-access risk by enforcing Lockdown Mode on high-risk users (which restricts attack surface but limits messaging, web, and configuration features), keeping MDM enrollment with mandatory minimum OS versions, and disabling MDM-managed device enrollment for unpatched devices. For fleet managers, blocking enrollment of devices below the patched build via conditional access policies is the most concrete control.

Share

CVE-2024-23225 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy