CVE-2024-23296: Apple Multiple Products Memory Corruption Vulnerability

CVE ID

CVE-2024-23296

Vulnerability Name

Apple Multiple Products Memory Corruption Vulnerability

• Project: Apple
• Product: Multiple Products

Date

• Date Added: 2024-03-06
• Due Date: 2024-03-27

Description

Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://support.apple.com/en-us/HT214081, https://support.apple.com/en-us/HT214082, https://support.apple.com/en-us/HT214084, https://support.apple.com/en-us/HT214086, https://support.apple.com/en-us/HT214088 ; https://nvd.nist.gov/vuln/detail/CVE-2024-23296

Related Security News

• Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
• Apple backports fix for zero-day exploited in attacks to older iPhones

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List