Cyber Resilience

CVE-2024-23296

HighCISA KEVActive ExploitationEUVD Exploited

Published: 05 March 2024

Published
05 March 2024
Modified
03 April 2026
KEV Added
06 March 2024
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0025 48.7th percentile
Risk Priority 36 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-23296 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple Macos. Its CVSS base score is 7.8 (High).

Operationally, ranked at the 48.7th percentile by exploit likelihood (below the median); CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

A memory corruption vulnerability addressed through improved input validation affects multiple Apple operating systems, including iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, and watchOS 10.4. The flaw carries a CVSS score of 7.8 and is tracked under CWE-787.

An attacker who already possesses arbitrary kernel read and write primitives can leverage the issue to bypass kernel memory protections. Apple has stated that it is aware of a report indicating the vulnerability may have been exploited in the wild.

The referenced Apple security advisories detail that the issue is resolved in the listed operating system updates, which users should apply to eliminate the exposure. The associated EPSS score rose from a low baseline to a peak of 0.0118, indicating that exploitation interest emerged after disclosure.

EU & UK References

Vulnerability details

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, watchOS 10.4. An…

more

attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

CWE(s)
KEV Date Added
06 March 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

apple
ipados
≤ 16.7.8 · 17.0 — 17.4
apple
iphone os
≤ 16.7.8 · 17.0 — 17.4
apple
macos
12.0 — 12.7.6 · 13.0 — 13.6.7 · 14.0 — 14.4
apple
tvos
≤ 17.4
apple
visionos
≤ 1.1
apple
watchos
≤ 10.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

The vulnerability was fixed by improved input validation that prevents the memory corruption (CWE-787) from being triggered.

prevent

Directly enforces kernel memory protections that the attacker with read/write primitives attempts to bypass.

prevent

Process isolation mechanisms limit the impact of kernel-level memory corruption on overall system security functions.

References