AttackerKBAKB:CCBDC74C-048A-4E7D-A678-32C6B7756DF1CVE-2024-23225
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
58.9%
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Recent assessments:
Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0
References
seclists.org/fulldisclosure/2024/Mar/18
seclists.org/fulldisclosure/2024/Mar/19
seclists.org/fulldisclosure/2024/Mar/21
seclists.org/fulldisclosure/2024/Mar/22
seclists.org/fulldisclosure/2024/Mar/24
seclists.org/fulldisclosure/2024/Mar/25
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23225
support.apple.com/en-us/HT214081
support.apple.com/en-us/HT214082
support.apple.com/kb/HT214083
support.apple.com/kb/HT214084
support.apple.com/kb/HT214085
support.apple.com/kb/HT214086
support.apple.com/kb/HT214087
support.apple.com/kb/HT214088
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
58.9%