Description

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

Classification

CVE ID: CVE-2024-23296

Affected Products

Vendor: Apple

Product: iOS and iPadOS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.18% (probability of being exploited)

EPSS Percentile: 56.34% (scored less or equal to compared to others)

EPSS Date: 2025-03-14 (when was this score calculated)

References

https://support.apple.com/en-us/HT214081
https://support.apple.com/kb/HT214088
https://support.apple.com/kb/HT214084
https://support.apple.com/kb/HT214086
https://support.apple.com/kb/HT214087
http://seclists.org/fulldisclosure/2024/Mar/18
http://seclists.org/fulldisclosure/2024/Mar/21
http://seclists.org/fulldisclosure/2024/Mar/25
http://seclists.org/fulldisclosure/2024/Mar/24
http://seclists.org/fulldisclosure/2024/Mar/26
https://support.apple.com/kb/HT214107
http://seclists.org/fulldisclosure/2024/May/11
http://seclists.org/fulldisclosure/2024/May/13
https://support.apple.com/kb/HT214100
https://support.apple.com/kb/HT214118
http://seclists.org/fulldisclosure/2024/Jul/20

Timeline