iOS
iOS 17.4
Official advisory41 CVEs fixed by this release.
- Release date
- 2024-03-05
- End of support
- 2024-11-19 EOL
- CVEs fixed
- 41
- CISA KEV
- 2
- Critical
- 0
- High
- 0
- NVD pending
- 40
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2024-23296
KEV
[Apple RTKit] An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protectio… |
N/A | KEV | [Apple RTKit] An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this… | |
|
CVE-2024-23225
KEV
[Apple Kernel] An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protecti… |
N/A | KEV | [Apple Kernel] An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that thi… | |
|
CVE-2022-48554
Microsoft Security Update Guide entry — NVD enrichira. |
MEDIUM 5.5 | — | Microsoft Security Update Guide entry — NVD enrichira. | |
|
CVE-2024-0258
[Apple libxpc] An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges |
N/A | — | [Apple libxpc] An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges | |
|
CVE-2024-23205
[Apple ExtensionKit] An app may be able to access sensitive user data |
N/A | — | [Apple ExtensionKit] An app may be able to access sensitive user data | |
|
CVE-2024-23226
[Apple WebKit] Processing web content may lead to arbitrary code execution |
N/A | — | [Apple WebKit] Processing web content may lead to arbitrary code execution | |
|
CVE-2024-23231
[Apple Share Sheet] An app may be able to access user-sensitive data |
N/A | — | [Apple Share Sheet] An app may be able to access user-sensitive data | |
|
CVE-2024-23235
[Apple Kernel] An app may be able to access user-sensitive data |
N/A | — | [Apple Kernel] An app may be able to access user-sensitive data | |
|
CVE-2024-23239
[Apple Sandbox] An app may be able to leak sensitive user information |
N/A | — | [Apple Sandbox] An app may be able to leak sensitive user information | |
|
CVE-2024-23241
[Apple Spotlight] An app may be able to leak sensitive user information |
N/A | — | [Apple Spotlight] An app may be able to leak sensitive user information | |
|
CVE-2024-23242
[Apple Synapse] An app may be able to view Mail data |
N/A | — | [Apple Synapse] An app may be able to view Mail data | |
|
CVE-2024-23246
[Apple UIKit] An app may be able to break out of its sandbox |
N/A | — | [Apple UIKit] An app may be able to break out of its sandbox | |
|
CVE-2024-23250
[Apple CoreBluetooth - LE] An app may be able to access Bluetooth-connected microphones without user permission |
N/A | — | [Apple CoreBluetooth - LE] An app may be able to access Bluetooth-connected microphones without user permission | |
|
CVE-2024-23254
[Apple WebKit] A malicious website may exfiltrate audio data cross-origin |
N/A | — | [Apple WebKit] A malicious website may exfiltrate audio data cross-origin | |
|
CVE-2024-23255
[Apple Photos] Photos in the Hidden Photos Album may be viewed without authentication |
N/A | — | [Apple Photos] Photos in the Hidden Photos Album may be viewed without authentication | |
|
CVE-2024-23259
[Apple Safari] Processing web content may lead to a denial-of-service |
N/A | — | [Apple Safari] Processing web content may lead to a denial-of-service | |
|
CVE-2024-23263
[Apple WebKit] Processing maliciously crafted web content may prevent Content Security Policy from being enforced |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may prevent Content Security Policy from being enforced | |
|
CVE-2024-23264
[Apple Metal] An application may be able to read restricted memory |
N/A | — | [Apple Metal] An application may be able to read restricted memory | |
|
CVE-2024-23265
[Apple Kernel] An app may be able to cause unexpected system termination or write kernel memory |
N/A | — | [Apple Kernel] An app may be able to cause unexpected system termination or write kernel memory | |
|
CVE-2024-23270
[Apple Image Processing] An app may be able to execute arbitrary code with kernel privileges |
N/A | — | [Apple Image Processing] An app may be able to execute arbitrary code with kernel privileges | |
|
CVE-2024-23273
[Apple Safari Private Browsing] Private Browsing tabs may be accessed without authentication |
N/A | — | [Apple Safari Private Browsing] Private Browsing tabs may be accessed without authentication | |
|
CVE-2024-23277
[Apple Bluetooth] An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard |
N/A | — | [Apple Bluetooth] An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard | |
|
CVE-2024-23278
[Apple libxpc] An app may be able to break out of its sandbox |
N/A | — | [Apple libxpc] An app may be able to break out of its sandbox | |
|
CVE-2024-23280
[Apple WebKit] A maliciously crafted webpage may be able to fingerprint the user |
N/A | — | [Apple WebKit] A maliciously crafted webpage may be able to fingerprint the user | |
|
CVE-2024-23284
[Apple WebKit] Processing maliciously crafted web content may prevent Content Security Policy from being enforced |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may prevent Content Security Policy from being enforced | |
|
CVE-2024-23286
[Apple ImageIO] Processing an image may lead to arbitrary code execution |
N/A | — | [Apple ImageIO] Processing an image may lead to arbitrary code execution | |
|
CVE-2024-23287
[Apple Messages] An app may be able to access user-sensitive data |
N/A | — | [Apple Messages] An app may be able to access user-sensitive data | |
|
CVE-2024-23288
[Apple AppleMobileFileIntegrity] An app may be able to elevate privileges |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to elevate privileges | |
|
CVE-2024-23289
[Apple Siri] A person with physical access to a device may be able to use Siri to access private calendar information |
N/A | — | [Apple Siri] A person with physical access to a device may be able to use Siri to access private calendar information | |
|
CVE-2024-23290
[Apple Sandbox] An app may be able to access user-sensitive data |
N/A | — | [Apple Sandbox] An app may be able to access user-sensitive data | |
|
CVE-2024-23291
[Apple Accessibility] A malicious app may be able to observe user data in log entries related to accessibility notifica… |
N/A | — | [Apple Accessibility] A malicious app may be able to observe user data in log entries related to accessibility notifications | |
|
CVE-2024-23292
[Apple Shortcuts] An app may be able to access information about a user's contacts |
N/A | — | [Apple Shortcuts] An app may be able to access information about a user's contacts | |
|
CVE-2024-23293
[Apple Siri] An attacker with physical access may be able to use Siri to access sensitive user data |
N/A | — | [Apple Siri] An attacker with physical access may be able to use Siri to access sensitive user data | |
|
CVE-2024-27859
[Apple WebKit] Processing web content may lead to arbitrary code execution |
N/A | — | [Apple WebKit] Processing web content may lead to arbitrary code execution | |
|
CVE-2024-54658
[Apple WebKit] Processing web content may lead to a denial-of-service |
N/A | — | [Apple WebKit] Processing web content may lead to a denial-of-service | |
|
CVE-2024-23220
[Apple Safari] An app may be able to fingerprint the user |
N/A | — | [Apple Safari] An app may be able to fingerprint the user | |
|
CVE-2024-23240
[Apple Photos] Shake-to-undo may allow a deleted photo to be re-surfaced without authentication |
N/A | — | [Apple Photos] Shake-to-undo may allow a deleted photo to be re-surfaced without authentication | |
|
CVE-2024-23243
[Apple Accessibility] An app may be able to read sensitive location information |
N/A | — | [Apple Accessibility] An app may be able to read sensitive location information | |
|
CVE-2024-23256
[Apple Safari Private Browsing] A user's locked tabs may be briefly visible while switching tab groups when Locked Priv… |
N/A | — | [Apple Safari Private Browsing] A user's locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled | |
|
CVE-2024-23262
[Apple Accessibility] An app may be able to spoof system notifications and UI |
N/A | — | [Apple Accessibility] An app may be able to spoof system notifications and UI | |
|
CVE-2024-23297
[Apple MediaRemote] A malicious application may be able to access private information |
N/A | — | [Apple MediaRemote] A malicious application may be able to access private information |