CVE-2024-23225

Summary

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

Severity
High
Severity Score

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-ID

CWE-787

Vulnerability ID
CVE-2024-23225
Severity
High
Severity Score
7.8
Summary
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
References
https://support.apple.com/en-us/HT214081 https://support.apple.com/en-us/HT214082 https://support.apple.com/kb/HT214083 https://support.apple.com/kb/HT214088 https://support.apple.com/kb/HT214084 https://support.apple.com/kb/HT214086 https://support.apple.com/kb/HT214085 https://support.apple.com/kb/HT214087
Mitigation and Patches
Exploits
Metasploit Payload
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE ID
CWE-787

See SecOps Solution
in action

Schedule Demo
Agentless security for your infrastructure and applications - to build faster, more securely and in a fraction of the operational cost of other solutions
hello@secopsolution.com
+569-231-213
Compare
Qualys Cloud AgentTenable NessusRapid7 InsightVM
Resources
CVECase StudieseBooksPolicy TemplatesBlogPricing
Company
About UsContactCareer
Try It
Patch AstraEPSS CalculatorContactFree ScanSchedule DemoLog In
© 2024  SecOps Solution, Inc.| Privacy Policy | Terms and Conditions .
Social Media :