CVE-2024-23265

7.8 HIGH

📋 TL;DR

This is a memory corruption vulnerability in Apple operating systems that allows malicious apps to cause system crashes or write to kernel memory. It affects multiple Apple platforms including macOS, iOS, iPadOS, watchOS, tvOS, and visionOS. The vulnerability stems from improper locking mechanisms that can be exploited to corrupt memory.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • watchOS
  • tvOS
  • visionOS
Versions: Versions prior to macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4, iPadOS 17.4, watchOS 10.4, iOS 16.7.6, iPadOS 16.7.6, tvOS 17.4
Operating Systems: Apple operating systems
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Apple operating systems are vulnerable. Requires app execution privilege.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could achieve kernel-level code execution, potentially gaining full system control, installing persistent malware, or bypassing security mechanisms.

🟠 Likely Case

Malicious apps could cause system crashes (denial of service) or potentially read/write kernel memory to bypass security controls.

🟢 If Mitigated

With proper app sandboxing and security controls, impact is limited to denial of service within the affected app's context.

🌐 Internet-Facing: LOW - This requires local app execution, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Requires malicious app installation, but could be exploited via social engineering or compromised internal apps.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires app execution privileges. No public proof-of-concept available at disclosure time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4, iPadOS 17.4, watchOS 10.4, iOS 16.7.6, iPadOS 16.7.6, tvOS 17.4

Vendor Advisory: https://support.apple.com/en-us/HT214083

Restart Required: Yes

Instructions:

1. Open System Settings > General > Software Update.
2. Install available updates.
3. Restart device when prompted.

🔧 Temporary Workarounds

Restrict App Installation

all

Limit app installations to App Store only to prevent malicious apps from exploiting the vulnerability.

For macOS: System Settings > Privacy & Security > Allow apps downloaded from: App Store
For iOS/iPadOS: Settings > Screen Time > Content & Privacy Restrictions > iTunes & App Store Purchases > Installing Apps: Don't Allow

🧯 If You Can't Patch

  • Implement strict application allowlisting to prevent unauthorized app execution
  • Enable full disk encryption and monitor for unexpected system crashes or reboots

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions list. On macOS: About This Mac > macOS version. On iOS/iPadOS: Settings > General > About > Version.

Check Version:

macOS: sw_vers -productVersion, iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Verify that the OS version matches or exceeds the patched versions listed under Official Fix.
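
The macOS version check described above, as an added example (not part of the original page or Apple's advisory). The function names ver_ge and macos_status and the no-fix-listed label are assumptions, as is treating major releases above 14 as patched.

```shell
#!/bin/sh
# Added example: compare a macOS version with the fixed releases listed on
# this page (12.7.4, 13.6.5, 14.4). Comparison is numeric per component,
# so 12.7.10 is correctly treated as newer than 12.7.4.

# ver_ge A B: succeed if dotted version A >= B; missing components count as 0.
ver_ge() {
    _a="$1.0.0"; _b="$2.0.0"
    for _i in 1 2 3; do
        _x=$(printf '%s\n' "$_a" | cut -d. -f"$_i")
        _y=$(printf '%s\n' "$_b" | cut -d. -f"$_i")
        _x=${_x:-0}; _y=${_y:-0}
        if [ "$_x" -gt "$_y" ]; then return 0; fi
        if [ "$_x" -lt "$_y" ]; then return 1; fi
    done
    return 0
}

# macos_status VERSION: print patched, vulnerable, no-fix-listed or unknown.
macos_status() {
    _v=$1
    case $_v in
        ''|.*|*[!0-9.]*) echo unknown; return 0 ;;   # not a dotted number
    esac
    case ${_v%%.*} in
        12) _fixed=12.7.4 ;;
        13) _fixed=13.6.5 ;;
        14) _fixed=14.4 ;;
        *)
            # Assumption: releases after 14 already contain the fix; the page
            # lists no fixed build for branches older than 12.
            if [ "${_v%%.*}" -gt 14 ]; then echo patched
            else echo no-fix-listed; fi
            return 0 ;;
    esac
    if ver_ge "$_v" "$_fixed"; then echo patched; else echo vulnerable; fi
}

# On a Mac (sw_vers present), report the status of the local host.
if command -v sw_vers >/dev/null 2>&1; then
    _local=$(sw_vers -productVersion)
    echo "$_local: $(macos_status "$_local")"
fi
```

For fleet checks, feed macos_status the version strings exported by an MDM or inventory tool instead of running it on each host.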

📡 Detection & Monitoring

Log Indicators:

  • Unexpected system crashes/reboots
  • Kernel panic logs
  • App crash reports with memory access violations

Network Indicators:

  • No direct network indicators - local exploitation only

SIEM Query:

source="apple_system_logs" AND ("kernel panic" OR "unexpected reboot" OR "memory corruption")
