CVE-2024-23208

Published: Jan 23, 2024Modified: Apr 2, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to execute arbitrary code with kernel privileges.

Affected (5)

Products: Apple: Ipados, Iphone Os, Macos, Tvos, Watchos

5 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 17.3
Apple Iphone Os	Before 17.3
Apple Macos	From 14.0 to 14.3
Apple Tvos	Before 10.3
Apple Watchos	Before 10.3

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (14)

https://support.apple.com/en-us/120304

Source: product-security@apple.com

https://support.apple.com/en-us/120306

Source: product-security@apple.com

https://support.apple.com/en-us/120309

Source: product-security@apple.com

https://support.apple.com/en-us/120311

Source: product-security@apple.com

http://seclists.org/fulldisclosure/2024/Jan/33