CVE-2024-23208: Code Injection
Published Jan 22, 2024
·Updated
Apple Neural Engine. The issue was addressed with improved memory handling.
Credit
fmyy@@binary_fmyy(TIANGONG Team of Legendsec at QI), lime(TIANGONG Team of Legendsec at QI), Koh M. Nakagawa(FFRI Security Inc), an anonymous researcher, Noah Roskin-Frazee, Pr, Ian de Marcellus, Mark Bowers, Jubaer Alnazi@@h33tjubaer, Kirin@@Pwnrin, Zhongquan Li@@Guluisacat, Wangtaiyu(Zhongfu info), James Lee@@Windowsrcer, Clemens Lang, Ye Zhang(Baidu Security)
Affected Software
10 affected componentsFixes available
Apple macOS Sonoma<14.3
14.3
Apple tvOS<17.3
17.3
Apple WatchOS<10.3
10.3
Apple iOS<17.3
17.3
Apple iPadOS<17.3
17.3
Apple iPadOS<17.3
Apple iPhone OS<17.3
Apple macOS>=14.0<14.3
Apple tvOS<10.3
Apple WatchOS<10.3
Event History
Jan 22, 2024
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
Jan 23, 2024
CVE Published
via MITRE·12:25 AM
Data Sourced
via MITRE·12:25 AM
DescriptionWeakness
Frequently Asked Questions
1
What is the severity of CVE-2024-23208?
CVE-2024-23208 is classified as a high-severity vulnerability due to its potential to allow arbitrary code execution with kernel privileges.
2
How do I fix CVE-2024-23208?
To remediate CVE-2024-23208, users should update to macOS Sonoma 14.3, iOS 17.3, iPadOS 17.3, watchOS 10.3, or tvOS 17.3.
3
What are the potential impacts of CVE-2024-23208?
The exploitation of CVE-2024-23208 may lead to unauthorized access or control over affected devices, putting user data at risk.
4
Which devices are affected by CVE-2024-23208?
CVE-2024-23208 affects devices running macOS, iOS, iPadOS, watchOS, and tvOS versions prior to the latest updates.
5
Is CVE-2024-23208 being actively exploited?
There is currently no public indication of active exploitation of CVE-2024-23208, but it is recommended to apply updates promptly.