CVE-2024-23288
📋 TL;DR
This vulnerability allows an application to elevate its privileges on affected Apple devices, potentially gaining unauthorized access to system resources. It affects users running older versions of tvOS, iOS, iPadOS, macOS Sonoma, and watchOS before the patched releases.
💻 Affected Systems
- tvOS
- iOS
- iPadOS
- macOS Sonoma
- watchOS
📦 What is this software?
Ipados by Apple
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Tvos by Apple
Watchos by Apple
⚠️ Risk & Real-World Impact
Worst Case
An attacker could gain full system control, access sensitive data, or install persistent malware.
Likely Case
Malicious apps could bypass sandbox restrictions to access user data or system functions.
If Mitigated
With proper app vetting and security controls, exploitation risk is significantly reduced.
🎯 Exploit Status
Exploitation requires a malicious app to be installed and executed on the target device.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: tvOS 17.4, iOS 17.4, iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4
Vendor Advisory: https://support.apple.com/en-us/HT214081
Restart Required: Yes
Instructions:
1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS. 2. Go to System Settings > General > Software Update on macOS. 3. Install the available update. 4. Restart the device when prompted.
🔧 Temporary Workarounds
Restrict App Installation
allOnly allow installation of apps from trusted sources like the App Store
🧯 If You Can't Patch
- Implement strict app installation policies to prevent untrusted apps
- Use mobile device management (MDM) to enforce security controls
🔍 How to Verify
Check if Vulnerable:
Check the OS version in Settings > General > About (iOS/iPadOS) or System Settings > General > About (macOS)Check Version:
sw_vers (macOS) or check Settings > General > About (iOS/iPadOS)Verify Fix Applied:
Verify the OS version matches or exceeds the patched versions listed above📡 Detection & Monitoring
Log Indicators:
- Unexpected privilege escalation events
- App sandbox violation logs
Network Indicators:
- Unusual outbound connections from system processes
SIEM Query:
Search for process elevation events or sandbox violation logs on Apple devices🔗 References
- http://seclists.org/fulldisclosure/2024/Mar/21
- http://seclists.org/fulldisclosure/2024/Mar/24
- http://seclists.org/fulldisclosure/2024/Mar/25
- https://support.apple.com/en-us/HT214081
- https://support.apple.com/en-us/HT214084
- https://support.apple.com/en-us/HT214086
- https://support.apple.com/en-us/HT214088
- http://seclists.org/fulldisclosure/2024/Mar/21
- http://seclists.org/fulldisclosure/2024/Mar/24
- http://seclists.org/fulldisclosure/2024/Mar/25
- https://support.apple.com/en-us/HT214081
- https://support.apple.com/en-us/HT214084
- https://support.apple.com/en-us/HT214086
- https://support.apple.com/en-us/HT214088
- https://support.apple.com/kb/HT214081
- https://support.apple.com/kb/HT214084
- https://support.apple.com/kb/HT214086
- https://support.apple.com/kb/HT214088
