{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-23208","assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","state":"PUBLISHED","assignerShortName":"apple","dateReserved":"2024-01-12T22:22:21.476Z","datePublished":"2024-01-23T00:25:28.334Z","dateUpdated":"2026-04-02T18:20:52.972Z"},"containers":{"cna":{"problemTypes":[{"descriptions":[{"lang":"en","description":"An app may be able to execute arbitrary code with kernel privileges"}]}],"affected":[{"vendor":"Apple","product":"iOS and iPadOS","versions":[{"version":"0","status":"affected","lessThan":"17.3","versionType":"custom"}]},{"vendor":"Apple","product":"macOS","versions":[{"version":"0","status":"affected","lessThan":"14.3","versionType":"custom"}]},{"vendor":"Apple","product":"tvOS","versions":[{"version":"0","status":"affected","lessThan":"17.3","versionType":"custom"}]},{"vendor":"Apple","product":"watchOS","versions":[{"version":"0","status":"affected","lessThan":"10.3","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to execute arbitrary code with kernel privileges."}],"references":[{"url":"https://support.apple.com/en-us/120304"},{"url":"https://support.apple.com/en-us/120306"},{"url":"https://support.apple.com/en-us/120309"},{"url":"https://support.apple.com/en-us/120311"}],"providerMetadata":{"orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple","dateUpdated":"2026-04-02T18:20:52.972Z"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://support.apple.com/en-us/HT214059","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT214055","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT214060","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT214061","tags":["x_transferred"]},{"url":"http://seclists.org/fulldisclosure/2024/Jan/33","tags":["x_transferred"]},{"url":"http://seclists.org/fulldisclosure/2024/Jan/36","tags":["x_transferred"]},{"url":"http://seclists.org/fulldisclosure/2024/Jan/39","tags":["x_transferred"]},{"url":"http://seclists.org/fulldisclosure/2024/Jan/40","tags":["x_transferred"]},{"url":"https://support.apple.com/kb/HT214061"},{"url":"https://support.apple.com/kb/HT214055"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T18:23:59.126Z"}},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-94","lang":"en","description":"CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-02-06T05:00:11.545144Z","id":"CVE-2024-23208","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-04T15:06:13.511Z"}}]}}