NVD脆弱性詳細

CVE-2024-23225

概要	A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
公表日	2024年3月6日5:16
登録日	2024年3月6日10:00
最終更新日	2024年11月21日17:57

CVSS3.1 : HIGH
スコア	7.8
ベクター	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:o:apple:ipad_os::::::::				16.7.6
cpe:2.3:o:apple:iphone_os::::::::	17.0			17.4
cpe:2.3:o:apple:ipad_os::::::::	17.0			17.4
cpe:2.3:o:apple:iphone_os::::::::				16.7.6
cpe:2.3:o:apple:macos::::::::	12.0			12.7.4
cpe:2.3:o:apple:macos::::::::	14.0			14.4
cpe:2.3:o:apple:macos::::::::	13.0			13.6.5
cpe:2.3:o:apple:tvos::::::::				17.4
cpe:2.3:o:apple:visionos::::::::				1.1
cpe:2.3:o:apple:watchos::::::::				10.4

関連情報、対策とツール

No	URL	タグ
1	http://seclists.org/fulldisclosure/2024/Mar/18	Mailing List Third Party Advisory
2	http://seclists.org/fulldisclosure/2024/Mar/18	Mailing List Third Party Advisory
3	http://seclists.org/fulldisclosure/2024/Mar/19	Mailing List Third Party Advisory
4	http://seclists.org/fulldisclosure/2024/Mar/19	Mailing List Third Party Advisory
5	http://seclists.org/fulldisclosure/2024/Mar/21	Mailing List Third Party Advisory
6	http://seclists.org/fulldisclosure/2024/Mar/21	Mailing List Third Party Advisory
7	http://seclists.org/fulldisclosure/2024/Mar/22	Mailing List Third Party Advisory
8	http://seclists.org/fulldisclosure/2024/Mar/22	Mailing List Third Party Advisory
9	http://seclists.org/fulldisclosure/2024/Mar/23	Mailing List Third Party Advisory
10	http://seclists.org/fulldisclosure/2024/Mar/23	Mailing List Third Party Advisory
11	http://seclists.org/fulldisclosure/2024/Mar/24	Mailing List Third Party Advisory
12	http://seclists.org/fulldisclosure/2024/Mar/24	Mailing List Third Party Advisory
13	http://seclists.org/fulldisclosure/2024/Mar/25	Mailing List Third Party Advisory
14	http://seclists.org/fulldisclosure/2024/Mar/25	Mailing List Third Party Advisory
15	http://seclists.org/fulldisclosure/2024/Mar/26	Mailing List Third Party Advisory
16	http://seclists.org/fulldisclosure/2024/Mar/26	Mailing List Third Party Advisory
17	https://support.apple.com/en-us/HT214081	Vendor Advisory
18	https://support.apple.com/en-us/HT214081	Vendor Advisory
19	https://support.apple.com/en-us/HT214082	Vendor Advisory
20	https://support.apple.com/en-us/HT214082	Vendor Advisory
21	https://support.apple.com/kb/HT214083	Vendor Advisory
22	https://support.apple.com/kb/HT214083	Vendor Advisory
23	https://support.apple.com/kb/HT214084	Vendor Advisory
24	https://support.apple.com/kb/HT214084	Vendor Advisory
25	https://support.apple.com/kb/HT214085	Vendor Advisory
26	https://support.apple.com/kb/HT214085	Vendor Advisory
27	https://support.apple.com/kb/HT214086	Vendor Advisory
28	https://support.apple.com/kb/HT214086	Vendor Advisory
29	https://support.apple.com/kb/HT214087	Vendor Advisory
30	https://support.apple.com/kb/HT214087	Vendor Advisory
31	https://support.apple.com/kb/HT214088	Vendor Advisory
32	https://support.apple.com/kb/HT214088	Vendor Advisory

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-787	境界外書き込み	https://cwe.mitre.org/data/definitions/787.html