CVE-2024-0258

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2024/Mar/21	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/24	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/25	Mailing List
https://support.apple.com/en-us/HT214081	Vendor Advisory
https://support.apple.com/en-us/HT214084	Vendor Advisory
https://support.apple.com/en-us/HT214086	Vendor Advisory
https://support.apple.com/en-us/HT214088	Vendor Advisory
http://seclists.org/fulldisclosure/2024/Mar/21	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/24	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/25	Mailing List
https://support.apple.com/en-us/HT214081	Vendor Advisory
https://support.apple.com/en-us/HT214084	Vendor Advisory
https://support.apple.com/en-us/HT214086	Vendor Advisory
https://support.apple.com/en-us/HT214088	Vendor Advisory
https://support.apple.com/kb/HT214081
https://support.apple.com/kb/HT214084
https://support.apple.com/kb/HT214086
https://support.apple.com/kb/HT214088

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipad_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

No history.

Information

Published : 2024-03-08 02:15

Updated : 2025-11-04 19:16

NVD link : CVE-2024-0258

Mitre link : CVE-2024-0258

CVE.ORG link : CVE-2024-0258

JSON object : View

Products Affected

apple

iphone_os
tvos
ipad_os
macos
watchos

CWE

NVD-CWE-noinfo CWE-284

Improper Access Control

{"id": "CVE-2024-0258", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}]}, "published": "2024-03-08T02:15:47.293", "references": [{"url": "http://seclists.org/fulldisclosure/2024/Mar/21", "tags": ["Mailing List"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/24", "tags": ["Mailing List"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/25", "tags": ["Mailing List"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT214081", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT214084", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT214086", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT214088", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/21", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/24", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/25", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT214081", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT214084", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT214086", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT214088", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/kb/HT214081", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/kb/HT214084", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/kb/HT214086", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/kb/HT214088", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges."}, {"lang": "es", "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en tvOS 17.4, iOS 17.4 y iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario fuera de su zona de pruebas o con ciertos privilegios elevados."}], "lastModified": "2025-11-04T19:16:26.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE5413B9-A1A8-499F-B047-163908202E69", "versionEndExcluding": "17.4"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCB4911E-7824-4C34-916D-88110CB415EB", "versionEndExcluding": "17.4"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0"}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB6BA6CB-001B-4440-A9AE-473F5722F8E0", "versionEndExcluding": "17.4"}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5547F484-4E4B-4961-BAF8-F891D50BB4B6", "versionEndExcluding": "10.4"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}