A vulnerability classified as critical was found in Apple iOS and iPadOS (Smartphone Operating System) (unknown version). Affected by this vulnerability is an unknown code block of the component Kernel Memory Handler. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory.

The weakness was disclosed 03/08/2024. The advisory is shared at support.apple.com. This vulnerability is known as CVE-2024-23265 since 01/12/2024. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 03/08/2024). It is expected to see the exploit prices for this product increasing in the near future.

Upgrading eliminates this vulnerability.

The entries VDB-256246, VDB-256247, VDB-256248 and VDB-256249 are pretty similar.

Productinfo

Type

• Smartphone Operating System

Vendor

• Apple

Name

• iOS
• iPadOS

License

• commercial

CPE 2.3info

• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion