CVE-2024-23214
Summary
| CVE | CVE-2024-23214 |
|---|---|
| State | PUBLISHED |
| Assigner | apple |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2024-01-23 01:15:11 UTC |
| Updated | 2026-04-02 19:16:56 UTC |
| Description | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
Risk And Classification
Primary CVSS: v3.1 8.8 HIGH from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Problem Types: CWE-787 | Processing maliciously crafted web content may lead to arbitrary code execution | CWE-787 CWE-787 Out-of-bounds Write
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 3.1 | ADP | DECLARED | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
RequiredScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Apple | IOS And IPadOS | affected 16.7.5 custom | Not specified |
| CNA | Apple | IOS And IPadOS | affected 17.3 custom | Not specified |
| CNA | Apple | MacOS | affected 14.3 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| seclists.org/fulldisclosure/2024/Jan/34 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Third Party Advisory |
| support.apple.com/en-us/120310 | [email protected] | support.apple.com | |
| support.apple.com/en-us/120304 | [email protected] | support.apple.com | |
| support.apple.com/en-us/120309 | [email protected] | support.apple.com | |
| support.apple.com/kb/HT214059 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| seclists.org/fulldisclosure/2024/Jan/33 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Third Party Advisory |
| support.apple.com/kb/HT214061 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| support.apple.com/en-us/HT214063 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| support.apple.com/kb/HT214063 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| support.apple.com/en-us/HT214061 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| Full Disclosure: APPLE-SA-01-22-2024-5 macOS Sonoma 14.3 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Third Party Advisory |
| support.apple.com/en-us/HT214059 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.