Apple Addresses Memory Handling Vulnerability in macOS Sonoma 14.3

CVE-2024-23208

7.8HIGH

Key Information

Vendor: Apple
Status: iOS and iPadOS; tvOS; watchOS; macOS
Vendor: CVE Published:; 23 January 2024

Badges

😄 Trended👾 Exploit Exists📰 News Worthy

Summary

CVE-2024-23208 is a memory handling vulnerability that affects various Apple operating systems, including macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3, and iPadOS 17.3. The vulnerability allows an app to execute arbitrary code with kernel privileges, posing a severe threat to device security. Apple addressed the issue with improved memory handling, eliminating the vulnerability in the mentioned operating systems. A proof-of-concept (PoC) tool for the vulnerability was published by a researcher, but as of now, no practical exploits have been developed. The release of iOS 17.3 and iPadOS 17.3 has mitigated the risks posed by CVE-2024-23208, highlighting the importance of timely software updates in protecting against potential threats.

Affected Version(s)

iOS and iPadOS < 17.3

tvOS < 17.3

watchOS < 10.3

News Articles

securityonline.info

CVE-2024-23208

CVE-2024-23208 Exposed: A PoC Tool Unveils iOS Kernel Flaw

A researcher has published a proof-of-concept (PoC) tool for a kernel vulnerability, CVE-2024-23208 remedied in iOS 17.3

10 months ago

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit exists.
Feb 5, 2024
First article discovered by securityonline.info
Feb 5, 2024
Vulnerability started trending.
Feb 4, 2024
Vulnerability published.
Jan 23, 2024
Vulnerability Reserved.
Jan 12, 2024

Collectors

NVD DatabaseMitre Database1 News Article(s)