CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
59.1%
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Vendor | Product | Version | CPE |
---|---|---|---|
apple | ipad_os | * | cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* |
apple | iphone_os | * | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
apple | macos | * | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
apple | tvos | * | cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* |
apple | visionos | * | cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* |
apple | watchos | * | cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
[
{
"vendor": "Apple",
"product": "iOS and iPadOS",
"versions": [
{
"version": "unspecified",
"status": "affected",
"lessThan": "17.4",
"versionType": "custom"
}
]
}
]
seclists.org/fulldisclosure/2024/Jul/20
seclists.org/fulldisclosure/2024/Mar/18
seclists.org/fulldisclosure/2024/Mar/21
seclists.org/fulldisclosure/2024/Mar/24
seclists.org/fulldisclosure/2024/Mar/25
seclists.org/fulldisclosure/2024/Mar/26
seclists.org/fulldisclosure/2024/May/11
seclists.org/fulldisclosure/2024/May/13
support.apple.com/en-us/HT214081
support.apple.com/kb/HT214084
support.apple.com/kb/HT214086
support.apple.com/kb/HT214087
support.apple.com/kb/HT214088
support.apple.com/kb/HT214100
support.apple.com/kb/HT214107
support.apple.com/kb/HT214118
More