AttackerKBAKB:42727382-CDC8-42FA-AC34-C56CC81B7A0FCVE-2024-23296
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.3 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
52.2%
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Recent assessments:
Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0
References
seclists.org/fulldisclosure/2024/Mar/18
seclists.org/fulldisclosure/2024/Mar/21
seclists.org/fulldisclosure/2024/Mar/24
seclists.org/fulldisclosure/2024/Mar/25
seclists.org/fulldisclosure/2024/Mar/26
seclists.org/fulldisclosure/2024/May/11
seclists.org/fulldisclosure/2024/May/13
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23296
support.apple.com/en-us/HT214081
support.apple.com/kb/HT214084
support.apple.com/kb/HT214086
support.apple.com/kb/HT214087
support.apple.com/kb/HT214088
support.apple.com/kb/HT214100
support.apple.com/kb/HT214107
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.3 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
52.2%