CVE-2024-23296:
Memory corruption in Apple's kernel could allow an attacker with arbitrary kernel read/write capability to bypass kernel memory protections; the issue is fixed in iOS 17.4 and iPadOS 17.4, with related updates for other Apple platforms.
Score
A numerical rating that indicates how dangerous this vulnerability is.
7.8High- Published Date:Mar 5, 2024
- CISA KEV Date:Mar 6, 2024
- Industries Affected:20
1 DaysThreat Predictions
- EPSS Score:0.2
- EPSS Percentile:38%
Exploitability
- Score:1.8
- Attack Vector:LOCAL
- Attack Complexity:LOW
- Privileges Required:LOW
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:5.9
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Description Preview
Memory corruption in Apple's kernel could allow an attacker with arbitrary kernel read/write capability to bypass kernel memory protections; the issue is fixed in iOS 17.4 and iPadOS 17.4, with related updates for other Apple platforms.
Overview
CVE-2024-23296 is a kernel memory corruption vulnerability in Apple devices that could enable an attacker with local, arbitrary read/write access to bypass kernel memory protections. Apple fixed the issue via validation improvements in iOS 17.4 and iPadOS 17.4, and the problem has been associated with several Apple platforms prior to their fixed versions. The vulnerability is categorized as CWE-787 (Out-of-bounds Write) with a high-impact profile across confidentiality, integrity, and availability, and is deemed exploitable without user interaction, albeit requiring local access and low privileges.
Remediation
- Upgrade all affected Apple devices to the fixed versions:
- iOS 17.4 or later
- iPadOS 17.4 or later
- macOS 14.4 or later
- tvOS 17.4 or later
- watchOS 10.4 or later
- VisionOS 1.1 or later
- If immediate upgrade is not possible, enable automatic software updates where feasible and use device management (MDM) to accelerate patch deployment for enrolled devices.
- Verify patch installation on devices via management consoles or OS version checks to ensure the fixed versions are active.
- Prioritize patching in enterprise environments and test compatibility before broad deployment.
- Monitor security advisories and known-exploited vulnerability catalogs (e.g., CISA KEV) for updates and guidance related to this CVE.
- After patching, maintain defense-in-depth with regular monitoring for kernel-level anomalies and ensure baseline security controls remain enforced.
References
- - https://support.apple.com/en-us/HT214081
- - https://support.apple.com/kb/HT214088
- - https://support.apple.com/kb/HT214084
- - https://support.apple.com/kb/HT214086
- - https://support.apple.com/kb/HT214087
- - http://seclists.org/fulldisclosure/2024/Mar/18
- - http://seclists.org/fulldisclosure/2024/Mar/21
- - http://seclists.org/fulldisclosure/2024/Mar/25
- - http://seclists.org/fulldisclosure/2024/Mar/24
- - http://seclists.org/fulldisclosure/2024/Mar/26
- - https://support.apple.com/kb/HT214107
- - http://seclists.org/fulldisclosure/2024/May/11
- - http://seclists.org/fulldisclosure/2024/May/13
- - https://support.apple.com/kb/HT214100
- - https://support.apple.com/kb/HT214118
- - http://seclists.org/fulldisclosure/2024/Jul/20
- - https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-23296
Armis Early Warning
Armis Early Warning provides proactive threat intelligence and early detection capabilities.Click here to learn more.
- Armis Alert Date:Mar 5, 2024
- CISA KEV Date:Mar 6, 2024
- Days Early:1 Days
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
