CVE-2024-23225: Apple Multiple Products Memory Corruption Vulnerability

CVE ID

CVE-2024-23225

Vulnerability Name

Apple Multiple Products Memory Corruption Vulnerability

• Project: Apple
• Product: Multiple Products

Date

• Date Added: 2024-03-06
• Due Date: 2024-03-27

Description

Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://support.apple.com/en-us/HT214081, https://support.apple.com/en-us/HT214082, https://support.apple.com/en-us/HT214083, https://support.apple.com/en-us/HT214084, https://support.apple.com/en-us/HT214085, https://support.apple.com/en-us/HT214086, https://support.apple.com/en-us/HT214087, https://support.apple.com/en-us/HT214088 ; https://nvd.nist.gov/vuln/detail/CVE-2024-23225

Related Security News

• Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
• Apple backports fix for zero-day exploited in attacks to older iPhones

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List