CVE-2024-23286

7.8 HIGH

📋 TL;DR

A buffer overflow in the image-processing code shared by Apple's operating systems allows arbitrary code execution when a maliciously crafted image is processed; Apple describes the fix as improved memory handling. It affects macOS, iOS, iPadOS, watchOS, tvOS and visionOS. Exploitation needs the target to render the image, which an attacker arranges by delivering it through the web, email, a message or a shared file.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • watchOS
  • tvOS
  • visionOS
Versions (everything before the patched release for each branch):
  • macOS: Monterey prior to 12.7.4, Ventura prior to 13.6.5, Sonoma prior to 14.4
  • iOS / iPadOS: prior to 17.4 on the 17.x branch, prior to 16.7.6 on the 16.x branch
  • watchOS: prior to 10.4
  • tvOS: prior to 17.4
  • visionOS: prior to 1.1
Releases whose major version no longer receives security updates are not listed in the advisory and should be treated as vulnerable.
Operating Systems: Apple operating systems
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable: image decoding is a core system service that Finder and Quick Look, Messages, Mail, Safari and Photos all call, so no special setting is needed beyond getting the crafted image rendered on the device.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Code execution in the image-decoding process chained with a separate sandbox-escape or privilege-escalation bug, giving full control of the device: data theft, a persistent implant and a foothold for lateral movement. This CVE alone does not grant kernel privileges; the chain is what makes the worst case.

🟠 Likely Case

Code execution as the logged-in user, or inside the sandbox of whichever app rendered the image, which is enough for data exfiltration, credential theft or ransomware staged from the compromised device.

🟢 If Mitigated

Limited: on a patched device the bug is gone. On one that cannot be patched yet, rendering untrusted images only in sandboxed helper processes (as Safari and Quick Look do) confines what an exploit can reach, and attachment filtering plus user awareness cut the chance that a crafted image is rendered at all.

🌐 Internet-Facing: MEDIUM - Requires user interaction to process malicious images, but common attack vectors include web browsing, email attachments, and messaging apps.
🏢 Internal Only: MEDIUM - Internal users could be targeted via internal communications or file shares containing malicious images.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation needs no authentication but does need the target to render the image (user interaction; the CVSS vector is local with UI required). Turning the overflow into reliable code execution means defeating ASLR and, on Apple silicon, pointer authentication, which is why the complexity is rated medium rather than low.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4, iPadOS 17.4, watchOS 10.4, iOS 16.7.6, iPadOS 16.7.6, tvOS 17.4

Vendor Advisory: https://support.apple.com/en-us/HT214083

Restart Required: Yes

Instructions:

1. Open the updater: macOS: System Settings > General > Software Update (System Preferences > Software Update on Monterey). iOS/iPadOS and visionOS: Settings > General > Software Update. watchOS: Watch app > General > Software Update. tvOS: Settings > System > Software Updates.
2. Install the available update.
3. Restart the device when prompted.
4. For managed devices, push the update through your MDM (for example with a ScheduleOSUpdate command) and confirm the reported OS version in the device inventory afterwards.

🔧 Temporary Workarounds

Disable automatic image processing (all platforms)

Configure applications not to automatically process or preview image files from untrusted sources (for example, turn off loading of remote content in Mail). Expect limited coverage: Finder and Quick Look thumbnails, Messages and Safari decode images without a separate "open" step, so this reduces exposure rather than removing it.

Application sandboxing enforcement (all platforms)

Ensure that any application you deploy which decodes untrusted images runs with minimal privileges under Apple's App Sandbox, so a successful exploit is confined to that process. Most of Apple's own renderers are already sandboxed; this matters for third-party and in-house tools.

🧯 If You Can't Patch

  • Implement strict email filtering to block suspicious image attachments
  • Deploy endpoint protection with memory protection and exploit prevention capabilities

🔍 How to Verify

Check if Vulnerable:

Compare the installed OS version with the patched releases listed under Official Fix. On macOS: Apple menu > About This Mac (or sw_vers -productVersion in Terminal). On iOS/iPadOS: Settings > General > About > iOS Version (iPadOS Version on iPad).

Check Version:

macOS: sw_vers -productVersion (add sw_vers -buildVersion if you track builds). iOS/iPadOS/watchOS/tvOS/visionOS: there is no on-device shell; read the version from Settings > General > About, or from your MDM's device inventory for managed fleets.

Verify Fix Applied:

The device is fixed when its version is equal to or newer than the patched release for its own major version (for macOS: 12.7.4 for Monterey, 13.6.5 for Ventura, 14.4 for Sonoma). Compare within the same major: a Sonoma machine on 14.3.1 is vulnerable even though 14.3.1 is numerically newer than 12.7.4 or 13.6.5.
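The same-major comparison above, as an added shell example (not Apple's tooling and not from the original page): it reads sw_vers -productVersion, looks up the minimum patched release for the machine's macOS major from the advisory's list, and compares the dotted versions field by field so that 14.10 sorts after 14.9 and 14.3.1 is not mistaken for "newer than 13.6.5". The function names, the fallback value when sw_vers is absent and the choice to report unlisted majors as "unverified" are this example's own.

```shell
#!/bin/sh
# Added example, not Apple's tooling: check whether this Mac's productVersion
# is at or above the release that fixed CVE-2024-23286 for its major version.
# The patched versions are the ones Apple lists for this CVE; everything else
# (function names, handling of unlisted majors) is this script's own choice.

# Minimum patched release per supported macOS major (from the advisory).
patched_version_for_major() {
  case "$1" in
    12) echo "12.7.4" ;;   # Monterey
    13) echo "13.6.5" ;;   # Ventura
    14) echo "14.4" ;;     # Sonoma
    *)  echo "" ;;         # not covered by this advisory
  esac
}

# version_ge A B: exit 0 when dotted version A >= B, comparing numerically
# field by field. Missing trailing fields count as 0, so 14.4 == 14.4.0 and
# 14.4 < 14.4.1, and 14.10 > 14.9 (no lexical comparison).
version_ge() {
  a="$1."; b="$2."
  while [ -n "$a" ] || [ -n "$b" ]; do
    x="${a%%.*}"; a="${a#*.}"
    y="${b%%.*}"; b="${b#*.}"
    x="${x:-0}"; y="${y:-0}"
    [ "$x" -gt "$y" ] && return 0
    [ "$x" -lt "$y" ] && return 1
  done
  return 0
}

# is_patched VERSION: 0 = includes the fix, 1 = vulnerable,
# 2 = major version not in the advisory (unsupported or unknown).
is_patched() {
  major="${1%%.*}"
  min="$(patched_version_for_major "$major")"
  [ -n "$min" ] || return 2
  version_ge "$1" "$min"
}

# report VERSION: human-readable verdict for one version string.
report() {
  is_patched "$1" && rc=0 || rc=$?
  case "$rc" in
    0) echo "$1: includes the CVE-2024-23286 fix" ;;
    1) echo "$1: vulnerable; update to $(patched_version_for_major "${1%%.*}") or later" ;;
    *) echo "$1: major version not covered by the advisory; verify against Apple's support page" ;;
  esac
}

# On a Mac, sw_vers gives the running release; elsewhere fall back to a
# placeholder so the script still runs and reports "not covered".
current="$(sw_vers -productVersion 2>/dev/null || echo unknown)"
report "$current"
```

Run it as-is on each Mac, or feed report a version string pulled from MDM inventory; a return of 2 from is_patched is deliberately not treated as "safe", because a major Apple no longer updates did not get this fix.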

📡 Detection & Monitoring

Log Indicators:

  • Crash reports (.ips files under ~/Library/Logs/DiagnosticReports and /Library/Logs/DiagnosticReports) from processes that decode untrusted images: Preview, Photos, Quick Look, Messages, Mail, Safari's WebContent
  • Child processes spawned by an image viewer or preview service; a viewer has no business launching a shell, curl or osascript
  • EXC_BAD_ACCESS (SIGSEGV/SIGBUS) faults in those processes, particularly a burst of them tied to the same file or sender

Network Indicators:

  • Unusual outbound connections after image file access
  • DNS requests to suspicious domains following image processing

SIEM Query:

source="apple_system_logs" AND (process="image" OR process="preview") AND (event="crash" OR event="memory_violation")

The source and field names above are placeholders, not a schema macOS emits: map them to your collector (the unified log, or crash-report forwarding from your EDR), and match concrete process names such as Preview, Photos, QuickLookUIService or Messages rather than the literal "image".
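The crash-report indicator above, turned into a host-side triage as an added shell example (not from the original page and not Apple's tooling): it walks a directory of macOS .ips crash reports, keeps those whose process is one that decodes untrusted images and whose exception is a memory-access fault, and prints the report path, process and OS version for an analyst. It assumes the .ips layout as the author understands it (a one-line JSON header carrying "app_name" and "os_version", followed by a JSON body whose exception block carries "type"); the watched-process list is the example's own, and the sample reports are constructed, not captured from a real incident.

```shell
#!/bin/sh
# Added example, not from the page or from Apple: triage macOS crash reports
# for memory faults in processes that decode untrusted images, which is the
# host-side signal behind the "crash reports from image processing
# applications" indicator. Assumptions: reports are the .ips files macOS
# writes to ~/Library/Logs/DiagnosticReports and /Library/Logs/DiagnosticReports;
# their first line is a one-line JSON summary carrying "app_name" and
# "os_version", and the body carries the exception "type". The process list
# and the sample reports below are this script's own constructions.

# Processes that routinely decode untrusted images. Extend for your fleet.
IMAGE_PROCS='Preview|Photos|QuickLookUIService|quicklookd|Messages|Mail|Safari|com\.apple\.WebKit\.WebContent'

# header_field FILE KEY: value of KEY from the one-line JSON header.
header_field() {
  head -n 1 "$1" | sed -n "s/.*\"$2\":\"\([^\"]*\)\".*/\1/p"
}

# flag_image_crashes DIR: print one tab-separated line per report in DIR whose
# process is watched and whose exception is a memory-access fault
# (EXC_BAD_ACCESS, i.e. SIGSEGV/SIGBUS). Aborts are skipped to keep the signal
# tight, although a blocked overflow can also surface as an abort from a
# stack-protector or heap-integrity check; widen the filter if you want those.
flag_image_crashes() {
  for f in "$1"/*.ips; do
    [ -f "$f" ] || continue
    app="$(header_field "$f" app_name)"
    printf '%s\n' "$app" | grep -Eq "^($IMAGE_PROCS)$" || continue
    grep -q '"type" *: *"EXC_BAD_ACCESS"' "$f" || continue
    printf '%s\t%s\t%s\tEXC_BAD_ACCESS\n' "$f" "$app" "$(header_field "$f" os_version)"
  done
}

# make_sample_reports DIR: write constructed reports (not real captures) so
# the triage can be exercised on any machine.
make_sample_reports() {
  mkdir -p "$1"
  # Preview faulting on a bad pointer: should be flagged.
  cat > "$1/Preview-2024-03-01-101522.ips" <<'EOF'
{"app_name":"Preview","timestamp":"2024-03-01 10:15:22.00 +0000","bug_type":"309","os_version":"macOS 14.3.1 (23D60)","incident_id":"00000000-0000-0000-0000-000000000001"}
{
  "procName" : "Preview",
  "exception" : {"type" : "EXC_BAD_ACCESS", "signal" : "SIGSEGV", "subtype" : "KERN_INVALID_ADDRESS at 0x0000000000000040"}
}
EOF
  # Preview exiting via abort(): a different class of failure, not flagged.
  cat > "$1/Preview-2024-03-01-113000.ips" <<'EOF'
{"app_name":"Preview","timestamp":"2024-03-01 11:30:00.00 +0000","bug_type":"309","os_version":"macOS 14.3.1 (23D60)","incident_id":"00000000-0000-0000-0000-000000000002"}
{
  "procName" : "Preview",
  "exception" : {"type" : "EXC_CRASH", "signal" : "SIGABRT"}
}
EOF
  # A bad access in a process that does not decode untrusted images: not flagged.
  cat > "$1/Terminal-2024-03-01-120000.ips" <<'EOF'
{"app_name":"Terminal","timestamp":"2024-03-01 12:00:00.00 +0000","bug_type":"309","os_version":"macOS 14.3.1 (23D60)","incident_id":"00000000-0000-0000-0000-000000000003"}
{
  "procName" : "Terminal",
  "exception" : {"type" : "EXC_BAD_ACCESS", "signal" : "SIGSEGV"}
}
EOF
}

# Run over this host's own report directories (empty on a non-macOS host),
# then over the constructed samples so the output format is visible anywhere.
for d in "$HOME/Library/Logs/DiagnosticReports" /Library/Logs/DiagnosticReports; do
  flag_image_crashes "$d"
done
tmp="$(mktemp -d)"
make_sample_reports "$tmp"
flag_image_crashes "$tmp"
rm -rf "$tmp"
```

The printed os_version is what makes a hit actionable: a bad-access crash in Preview on 14.3.1 (before the 14.4 fix) is worth pulling the triggering file for, while the same crash on a patched build points at a different bug. Attributing the fault to a specific library means resolving the faulting thread's frame indexes against the report's image list, which this example leaves to the analyst.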