CVE-2024-23225 — Apple Multiple Products Memory Corruption Vulnerability
2024-03-06 • CISA Known Exploited Vulnerability
[event] Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Apple |
| Product | Multiple Products |
| CWE | CWE-787 |
| CVE ID | CVE-2024-23225 |
| Date Added | 2024-03-06 |
| Due Date | 2024-03-27 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due Date: 2024-03-27
> REFERENCES
- [1] https://support.apple.com/en-us/HT214081,
- [2] https://support.apple.com/en-us/HT214082,
- [3] https://support.apple.com/en-us/HT214083,
- [4] https://support.apple.com/en-us/HT214084,
- [5] https://support.apple.com/en-us/HT214085,
- [6] https://support.apple.com/en-us/HT214086,
- [7] https://support.apple.com/en-us/HT214087,
- [8] https://support.apple.com/en-us/HT214088
- [9] https://nvd.nist.gov/vuln/detail/CVE-2024-23225