SpirityCVE

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since March 6, 2024.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Apple	Ipad Os Ipados Iphone Os Macos Tvos Visionos Watchos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

References

Link	Providers
https://www.spirityenterprise.com/managed-detection-response
https://www.spirityenterprise.com/virtual-ciso
http://seclists.org/fulldisclosure/2024/Mar/18
http://seclists.org/fulldisclosure/2024/Mar/19
http://seclists.org/fulldisclosure/2024/Mar/21
http://seclists.org/fulldisclosure/2024/Mar/22
http://seclists.org/fulldisclosure/2024/Mar/23
http://seclists.org/fulldisclosure/2024/Mar/24
http://seclists.org/fulldisclosure/2024/Mar/25
http://seclists.org/fulldisclosure/2024/Mar/26
https://support.apple.com/en-us/120880
https://support.apple.com/en-us/120881
https://support.apple.com/en-us/120882
https://support.apple.com/en-us/120883
https://support.apple.com/en-us/120884
https://support.apple.com/en-us/120886
https://support.apple.com/en-us/120893
https://support.apple.com/en-us/120895
https://support.apple.com/en-us/HT214081
https://support.apple.com/en-us/HT214082
https://support.apple.com/kb/HT214082
https://support.apple.com/kb/HT214083
https://support.apple.com/kb/HT214084
https://support.apple.com/kb/HT214085
https://support.apple.com/kb/HT214086
https://support.apple.com/kb/HT214087
https://support.apple.com/kb/HT214088
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23225

History

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description	A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.	A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
References		https://support.apple.com/en-us/120880 https://support.apple.com/en-us/120881 https://support.apple.com/en-us/120882 https://support.apple.com/en-us/120883 https://support.apple.com/en-us/120884 https://support.apple.com/en-us/120886 https://support.apple.com/en-us/120893 https://support.apple.com/en-us/120895

Tue, 04 Nov 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://support.apple.com/kb/HT214082

Tue, 21 Oct 2025 23:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23225

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23225

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23225

Wed, 30 Jul 2025 02:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple ipad Os
CPEs		cpe:2.3:o:apple:ipad_os:-:::::::* cpe:2.3:o:apple:ipad_os:17.0:::::::* cpe:2.3:o:apple:iphone_os:-:::::::* cpe:2.3:o:apple:iphone_os:17.0:::::::* cpe:2.3:o:apple:macos:12.0.0:::::::* cpe:2.3:o:apple:macos:13.0:::::::* cpe:2.3:o:apple:macos:14.0:::::::* cpe:2.3:o:apple:tvos:-:::::::* cpe:2.3:o:apple:visionos:-:::::::*
Vendors & Products		Apple ipad Os
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 20 Dec 2024 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple ipados
CPEs	cpe:2.3:o:apple:ipad_os::::::::	cpe:2.3:o:apple:ipados::::::::
Vendors & Products	Apple ipad Os	Apple ipados

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-03-05T19:24:12.330Z

Updated: 2026-04-02T18:20:00.500Z

Reserved: 2024-01-12T22:22:21.478Z

Link: CVE-2024-23225

Vulnrichment

Updated: 2025-11-04T18:24:41.097Z

NVD

Status : Analyzed

Published: 2024-03-05T20:16:01.370

Modified: 2026-04-03T11:43:06.533

Link: CVE-2024-23225

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object