gsd-2024-23270
Vulnerability from gsd
Modified
2024-01-13 06:02
Details
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-23270"
],
"details": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.",
"id": "GSD-2024-23270",
"modified": "2024-01-13T06:02:12.023408Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2024-23270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "17.4"
}
]
}
},
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "17.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "12.7"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An app may be able to execute arbitrary code with kernel privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT214086",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT214086"
},
{
"name": "https://support.apple.com/en-us/HT214081",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT214081"
},
{
"name": "https://support.apple.com/en-us/HT214083",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT214083"
},
{
"name": "https://support.apple.com/en-us/HT214085",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT214085"
},
{
"name": "https://support.apple.com/en-us/HT214084",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT214084"
},
{
"name": "http://seclists.org/fulldisclosure/2024/Mar/21",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"name": "http://seclists.org/fulldisclosure/2024/Mar/25",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"name": "http://seclists.org/fulldisclosure/2024/Mar/22",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2024/Mar/22"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5413B9-A1A8-499F-B047-163908202E69",
"versionEndExcluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB4911E-7824-4C34-916D-88110CB415EB",
"versionEndExcluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "079C046D-9CEF-4B49-B1BB-D0376801198D",
"versionEndExcluding": "12.7.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69C4F06A-061F-46B3-8BB7-5C9B47C00956",
"versionEndExcluding": "13.6.5",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099",
"versionEndExcluding": "14.4",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB6BA6CB-001B-4440-A9AE-473F5722F8E0",
"versionEndExcluding": "17.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 y iPadOS 17.4, tvOS 17.4. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel."
}
],
"id": "CVE-2024-23270",
"lastModified": "2024-03-14T19:06:02.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-08T02:15:49.320",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/23"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214083"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214085"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214086"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
Loading...