CVE-2024-23296
Published: 05 March 2024
Summary
CVE-2024-23296 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple Macos. Its CVSS base score is 7.8 (High).
Operationally, ranked at the 48.7th percentile by exploit likelihood (below the median); CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
A memory corruption vulnerability addressed through improved input validation affects multiple Apple operating systems, including iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, and watchOS 10.4. The flaw carries a CVSS score of 7.8 and is tracked under CWE-787.
An attacker who already possesses arbitrary kernel read and write primitives can leverage the issue to bypass kernel memory protections. Apple has stated that it is aware of a report indicating the vulnerability may have been exploited in the wild.
The referenced Apple security advisories detail that the issue is resolved in the listed operating system updates, which users should apply to eliminate the exposure. The associated EPSS score rose from a low baseline to a peak of 0.0118, indicating that exploitation interest emerged after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-20815
Vulnerability details
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, watchOS 10.4. An…
more
attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
- CWE(s)
- KEV Date Added
- 06 March 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
The vulnerability was fixed by improved input validation that prevents the memory corruption (CWE-787) from being triggered.
Directly enforces kernel memory protections that the attacker with read/write primitives attempts to bypass.
Process isolation mechanisms limit the impact of kernel-level memory corruption on overall system security functions.