Cyber Resilience

CVE-2024-23225

HighCISA KEVActive ExploitationEUVD Exploited

Published: 05 March 2024

Published
05 March 2024
Modified
03 April 2026
KEV Added
06 March 2024
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0022 44.9th percentile
Risk Priority 36 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-23225 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple Macos. Its CVSS base score is 7.8 (High).

Operationally, ranked at the 44.9th percentile by exploit likelihood (below the median); CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

A memory corruption vulnerability addressed through improved input validation affects multiple Apple operating systems, including iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, and watchOS 10.4. The flaw, tracked as CVE-2024-23225 with a CVSS score of 7.8, resides in kernel-level components and is classified under CWE-787.

An attacker who already possesses arbitrary kernel read and write primitives can exploit the issue to bypass kernel memory protections. This local attack requires no user interaction and can lead to full compromise of confidentiality, integrity, and availability on the affected device.

Apple security advisories for the listed updates state that the vulnerability has been mitigated by the improved validation changes shipped in the March 2024 releases. The company notes it is aware of reports indicating the issue may have been exploited in the wild prior to patching.

EPSS scores for the CVE rose from a low baseline to a peak of 0.0197 shortly after disclosure on 2024-03-07 before receding to the current value of 0.0022, indicating a transient increase in observed exploitation interest.

EU & UK References

Vulnerability details

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An…

more

attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

CWE(s)
KEV Date Added
06 March 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

apple
ipados
≤ 16.7.6 · 17.0 — 17.4
apple
iphone os
≤ 16.7.6 · 17.0 — 17.4
apple
macos
12.0 — 12.7.4 · 13.0 — 13.6.5 · 14.0 — 14.4
apple
tvos
≤ 17.4
apple
visionos
≤ 1.1
apple
watchos
≤ 10.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly implements kernel memory protections that the attacker with arbitrary read/write capability attempts to bypass.

prevent

Requires improved input validation to prevent the memory corruption (CWE-787) that enables the bypass.

prevent

Enforces process/kernel isolation boundaries that the vulnerability is designed to circumvent once initial access exists.

References