CVE-2024-23225
Published: 05 March 2024
Summary
CVE-2024-23225 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple Macos. Its CVSS base score is 7.8 (High).
Operationally, ranked at the 44.9th percentile by exploit likelihood (below the median); CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
A memory corruption vulnerability addressed through improved input validation affects multiple Apple operating systems, including iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, and watchOS 10.4. The flaw, tracked as CVE-2024-23225 with a CVSS score of 7.8, resides in kernel-level components and is classified under CWE-787.
An attacker who already possesses arbitrary kernel read and write primitives can exploit the issue to bypass kernel memory protections. This local attack requires no user interaction and can lead to full compromise of confidentiality, integrity, and availability on the affected device.
Apple security advisories for the listed updates state that the vulnerability has been mitigated by the improved validation changes shipped in the March 2024 releases. The company notes it is aware of reports indicating the issue may have been exploited in the wild prior to patching.
EPSS scores for the CVE rose from a low baseline to a peak of 0.0197 shortly after disclosure on 2024-03-07 before receding to the current value of 0.0022, indicating a transient increase in observed exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-20744
Vulnerability details
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An…
more
attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
- CWE(s)
- KEV Date Added
- 06 March 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly implements kernel memory protections that the attacker with arbitrary read/write capability attempts to bypass.
Requires improved input validation to prevent the memory corruption (CWE-787) that enables the bypass.
Enforces process/kernel isolation boundaries that the vulnerability is designed to circumvent once initial access exists.