7.8
CVE-2024-23270
- EPSS 0.28%
- Veröffentlicht 08.03.2024 02:15:49
- Zuletzt bearbeitet 02.04.2026 19:17:10
- Quelle product-security@apple.com
- CVE-Watchlists
- Unerledigt
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.192 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
http://seclists.org/fulldisclosure/2024/Mar/21
http://seclists.org/fulldisclosure/2024/Mar/25
https://support.apple.com/kb/HT214081
https://support.apple.com/kb/HT214084
https://support.apple.com/kb/HT214086
http://seclists.org/fulldisclosure/2024/Mar/22
https://support.apple.com/kb/HT214085
http://seclists.org/fulldisclosure/2024/Mar/23
https://support.apple.com/kb/HT214083
https://support.apple.com/en-us/HT214081
https://support.apple.com/en-us/HT214083
https://support.apple.com/en-us/HT214085
https://support.apple.com/en-us/HT214084
https://support.apple.com/en-us/HT214086
https://support.apple.com/en-us/120882
https://support.apple.com/en-us/120893
https://support.apple.com/en-us/120895
https://support.apple.com/en-us/120886
https://support.apple.com/en-us/120884