CVE-2024-23296: Apple Multiple Products Memory Corruption Vulnerability
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Other sources
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
— Apple
Accessibility. This issue was addressed with additional entitlement checks.
— Apple
Admin Framework. A logic issue was addressed with improved checks.
— Apple
Airport. This issue was addressed with improved redaction of sensitive information.
— Apple
APFS. The issue was addressed with improved restriction of data container access.
— Apple
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
Frequently Asked Questions
What is the severity of CVE-2024-23296?
CVE-2024-23296 is a critical vulnerability due to memory corruption that could allow an attacker to bypass kernel memory protections.
How do I fix CVE-2024-23296?
To fix CVE-2024-23296, users should update their devices to iOS 17.4, iPadOS 17.4, watchOS 10.4, tvOS 17.4, visionOS 1.1, or the macOS versions specified in the vulnerability details.
Which Apple products are affected by CVE-2024-23296?
CVE-2024-23296 affects multiple Apple products including iOS, iPadOS, watchOS, tvOS, and various macOS versions.
What types of attacks could exploit CVE-2024-23296?
CVE-2024-23296 could be exploited by attackers capable of executing arbitrary kernel read and write operations.
Is there a known workaround for CVE-2024-23296?
As of now, a specific workaround for CVE-2024-23296 has not been documented, and updating the software is recommended.