CVE-2024-23258

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code by exploiting an out-of-bounds read when processing malicious images. It affects Apple visionOS and macOS systems, potentially enabling remote code execution without user interaction.

💻 Affected Systems

Products:
  • visionOS
  • macOS
Versions: visionOS before 1.1, macOS Sonoma before 14.4
Operating Systems: visionOS, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems processing images through vulnerable components. All default configurations are vulnerable.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the affected device, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Arbitrary code execution with the privileges of the user processing the image, potentially leading to malware installation or data exfiltration.

🟢 If Mitigated

Limited impact with proper network segmentation, application sandboxing, and least privilege principles in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires processing a malicious image, which could occur through various attack vectors including web browsing, email attachments, or file downloads.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: visionOS 1.1, macOS Sonoma 14.4

Vendor Advisory: https://support.apple.com/en-us/HT214084

Restart Required: Yes

Instructions:

1. Open System Settings
2. Click General
3. Click Software Update
4. Install available updates
5. Restart when prompted

🔧 Temporary Workarounds

Disable automatic image processing

all

Configure applications to not automatically process or preview image files from untrusted sources

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable systems
  • Deploy application allowlisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check system version: visionOS < 1.1 or macOS Sonoma < 14.4

Check Version:

sw_vers (macOS) or system_profiler SPSoftwareDataType (both)

Verify Fix Applied:

Verify system version is visionOS 1.1 or macOS Sonoma 14.4 or later
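
The macOS version check above can be scripted. This is an added example, not part of the original advisory or vendor tooling; classify_macos_version is a hypothetical helper name, and it covers macOS only. It compares version components numerically, so a release such as 14.10 is not misread as older than 14.4, and it reports releases before Sonoma as "not-covered" because this page lists only Sonoma.

```shell
#!/bin/sh
# Added example: classify a macOS ProductVersion string against the fixed
# release named on this page (macOS Sonoma 14.4).
# classify_macos_version is a hypothetical helper name.

classify_macos_version() {
    ver=$1
    # Reject anything that is not dotted decimal (empty or garbled output).
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo "unknown"; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    # A bare major version such as "14" has no minor component: treat as .0
    if [ "$rest" = "$ver" ]; then minor=0; else minor=${rest%%.*}; fi

    if [ "$major" -gt 14 ]; then
        echo "patched"        # later than Sonoma 14.4
    elif [ "$major" -lt 14 ]; then
        echo "not-covered"    # pre-Sonoma: this page gives no fixed version
    elif [ "$minor" -ge 4 ]; then
        echo "patched"        # Sonoma 14.4 or later
    else
        echo "vulnerable"     # Sonoma before 14.4
    fi
}

# On a Mac, classify the running system; elsewhere this block is skipped.
if command -v sw_vers >/dev/null 2>&1; then
    v=$(sw_vers -productVersion)
    echo "macOS $v: $(classify_macos_version "$v")"
fi
```

For a fleet, pass each host's collected version string to classify_macos_version and act on anything that is not "patched".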

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes related to image processing
  • Suspicious child processes spawned from image viewers

Network Indicators:

  • Unusual outbound connections from image processing applications

SIEM Query:

Process creation events where parent process is an image viewer or editor
