CVE-2024-23296
Published Mar 5, 2024
Last updated 2 months ago
AI description
CVE-2024-23296 is a memory corruption vulnerability found within Apple's RTKit real-time operating system component. This flaw, categorized as an Out-of-Bounds Write (CWE-787), arises from inadequate validation during memory operations. An attacker who has already achieved arbitrary kernel read and write capabilities could exploit this vulnerability to bypass existing kernel memory protections. Apple has acknowledged that this issue has been actively exploited in the wild, and it has been addressed in updates such as iOS 17.4 and iPadOS 17.4.
- Description
- A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
- Source
- product-security@apple.com
- NVD status
- Analyzed
- Products
- ipados, iphone_os, macos, tvos, visionos, watchos
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Apple Multiple Products Memory Corruption Vulnerability
- Exploit added on
- Mar 6, 2024
- Exploit action due
- Mar 27, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-787
- Hype score
- Not currently trending
00:00 UTC: CVE-2024-23296 disclosed. CISA: CVE-2024-23296 added to Known Exploited Vulnerabilities — Apple Multiple Products Status: ✅ Confirmed exploited in the wild Date added: 2024-03-06 Required action: Apply mitigations per vendor instructions or discontinue use of…
@lyrie_ai
4 May 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
PPL bypass CVEs confirmed vulnerable on 16.5+ & 17.x. CVE-2024-23225: iOS 17.0–17.3, CVE-2024-23296: 17.1–17.4 These CVEs Could Unlock iOS 17 Jailbreak tons on iOS 16 also has plenty.
@Hermes_tooll
7 Mar 2026
8881 Impressions
7 Retweets
101 Likes
17 Bookmarks
7 Replies
1 Quote
➕ Apple’dan Kritik Güvenlik Açıkları İçin Acil Güncelleme ▪️ Apple, CVE-2024-23225 ve CVE-2024-23296 sıfırıncı gün açıklarını gidermek için iOS ve iPadOS güncellemeleri yayımladı. Bu açıklar, saldırganlara çekirdek belleği koruma önlemlerini aşma imkanı sağlıyordu. iPhone XS ve…
@fokusplusnet
20 Nov 2024
462 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Entonces teóricamente ahora con el nuevo bypass de PAC usando CVE-2024-40815, el bypass de SPTM con cve-2024-23296 y la vulnerabilidad de kernel CVE-2024-23208 que ya tiene un POC ya debería ser posible hacer un JB en iOS 17.0-17.2.1 🤔
@DanielSu121
2 Nov 2024
7285 Impressions
3 Retweets
26 Likes
10 Bookmarks
3 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "732206AE-D798-41FB-8D91-F796820F912D",
"versionEndExcluding": "16.7.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB78D53-5EC0-45E5-871B-0C18F1E6D438",
"versionEndExcluding": "17.4",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDF6AF0-A238-47E5-9A9D-F6FDB832DD8C",
"versionEndExcluding": "16.7.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2FE8515-300C-4B6F-92A0-7D1E6D93F907",
"versionEndExcluding": "17.4",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA924D87-8FAE-4E34-83F7-A5E25C7450E5",
"versionEndExcluding": "12.7.6",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D797210-B0F0-44AE-9028-47C18C22AFA5",
"versionEndExcluding": "13.6.7",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099",
"versionEndExcluding": "14.4",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB6BA6CB-001B-4440-A9AE-473F5722F8E0",
"versionEndExcluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5",
"versionEndExcluding": "1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5547F484-4E4B-4961-BAF8-F891D50BB4B6",
"versionEndExcluding": "10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]