CVE-2024-23296 — Apple Multiple Products Memory Corruption Vulnerability

2024-03-06 • CISA Known Exploited Vulnerability

[event] Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

> AFFECTED SOFTWARE

Field	Value
Vendor	Apple
Product	Multiple Products
CWE	CWE-787
CVE ID	CVE-2024-23296
Date Added	2024-03-06
Due Date	2024-03-27
Ransomware Campaign	Unknown

> MITIGATION

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2024-03-27

> REFERENCES

[1] https://support.apple.com/en-us/HT214081,
[2] https://support.apple.com/en-us/HT214082,
[3] https://support.apple.com/en-us/HT214084,
[4] https://support.apple.com/en-us/HT214086,
[5] https://support.apple.com/en-us/HT214088
[6] https://nvd.nist.gov/vuln/detail/CVE-2024-23296