CVE-2024-23214 — Out-of-bounds Write in Apple IOS AND Ipados

CWE-787 — Out-of-bounds Write6 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 51.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Ipados +4 more

Timeline

PublishedJan 23

Description

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

▶NVDapple/ipados< 16.7.5+1

▶CVEListV5apple/ios_and_ipados< 16.7.5+1

▶Appleapple/macos_sonoma14.3

▶Appleapple/ios_17.3_and_ipados17.3

▶Appleapple/ios_16.7.5_and_ipados16.7.5

🔴Vulnerability Details

GHSA

GHSA-4287-v2hm-q9f2: Multiple memory corruption issues were addressed with improved memory handling↗2024-01-23

▶

OSV

CVE-2024-23214: Multiple memory corruption issues were addressed with improved memory handling↗2024-01-23

▶

📋Vendor Advisories

Apple

CVE-2024-23214: macOS Sonoma 14.3↗2024-01-22

▶

Apple

CVE-2024-23214: iOS 17.3 and iPadOS 17.3↗2024-01-22

▶

Apple

CVE-2024-23214: iOS 16.7.5 and iPadOS 16.7.5↗2024-01-22

▶