A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2024/Mar/18 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2024/Mar/21 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2024/Mar/24 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2024/Mar/25 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2024/Mar/26 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2024/May/11 | |
http://seclists.org/fulldisclosure/2024/May/13 | |
https://support.apple.com/en-us/HT214081 | Vendor Advisory |
https://support.apple.com/kb/HT214084 | Vendor Advisory |
https://support.apple.com/kb/HT214086 | Vendor Advisory |
https://support.apple.com/kb/HT214087 | Vendor Advisory |
https://support.apple.com/kb/HT214088 | Vendor Advisory |
https://support.apple.com/kb/HT214100 | |
https://support.apple.com/kb/HT214107 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apple
Published: 2024-03-05T19:24:13.999Z
Updated: 2024-03-05T19:24:13.999Z
Reserved: 2024-01-12T22:22:21.502Z
Link: CVE-2024-23296
JSON object: View
NVD Information
Status : Modified
Published: 2024-03-05T20:16:01.553
Modified: 2024-06-10T18:15:26.090
Link: CVE-2024-23296
JSON object: View
Redhat Information
No data.
CWE