CVE-2024-23225

ENISA EUVD: EUVD-2024-20744 ↗
Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 3, 2026 4 articles Published: 2024-03-05
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
0.26%
probability
This CVE has a 0.26% probability of being exploited in the next 30 days.
0% Top 49.0th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
7.8
HIGH
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

Affected Products

Apple
iOS and iPadOS
0 0
Apple
macOS
0 0 0
Apple
tvOS
0
Apple
visionOS
0
Apple
watchOS
0

Attack Intelligence

Google Project Zero

Patched
March 5, 2024
Reported by
???
Root Cause Analysis
???

Signal Intelligence

Confidence
92%
EPSS 0.26%
CVSS v3.1 7.8
Mentions 4
Last Seen May 13, 2024

CNA Information

CNA Assigner
apple

Analyst Note

CVE-2024-23225 is confirmed as an actively exploited zero-day in iOS/iPadOS with strong evidence including Google Project Zero tracking, multiple security advisories, and documented real-world exploitation in sophisticated attacks. Apple's official acknowledgment of exploitation and rapid patch deployment across iOS 16.7.6, 17.4, and older versions further validates the confirmed status.

Triage Info

Decided atMar 03, 2026
Published DateMar 05, 2024