⚠ Actively exploited
Added to CISA KEV on 2024-03-06. Federal agencies required to patch by 2024-03-27. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..
CVE-2024-23296 — Out-of-bounds Write in Apple IOS AND Ipados
Severity
7.8HIGHNVD
EPSS
0.2%
top 58.44%
CISA KEV
KEV
Added 2024-03-06
Due 2024-03-27
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedMar 5
KEV addedMar 6
KEV dueMar 27
Latest updateNov 25
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9