CVE-2024-23270

CVE Database · CVE-2024-23270

CVE-2024-23270

· HIGHModified

CVSS v3.1

7.8

EPSS

0.28%

Published

Mar 7, 2024

Modified

Apr 2, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787

Affected Products (6)

apple · ipad_os (up to 17.4)vulnerable

apple · iphone_os (up to 17.4)vulnerable

apple · macos (up to 12.7.4)vulnerable

apple · macos (up to 13.6.5)vulnerable

apple · macos (up to 14.4)vulnerable

apple · tvos (up to 17.4)vulnerable

References (19)

https://support.apple.com/en-us/120882

https://support.apple.com/en-us/120884

https://support.apple.com/en-us/120886

https://support.apple.com/en-us/120893

https://support.apple.com/en-us/120895

http://seclists.org/fulldisclosure/2024/Mar/21

Mailing List

http://seclists.org/fulldisclosure/2024/Mar/22

Mailing List

http://seclists.org/fulldisclosure/2024/Mar/23

Mailing List

http://seclists.org/fulldisclosure/2024/Mar/25

Mailing List

https://support.apple.com/en-us/HT214081

KEV Catalog EPSS Scores Vendors All CVEs