Vulnerabilities

Apple Patches Code Execution Vulnerability in iOS, macOS

Apple has released iOS 17.4.1 and macOS Sonoma 14.4.1 with patches for an arbitrary code execution vulnerability.

Published

Apple vulnerabilities

Apple has released fresh security updates for iOS and macOS devices to resolve an arbitrary code execution vulnerability.

The issue, tracked as CVE-2024-1580 and described as an integer overflow leading to out-of-bounds write, impacts the CoreMedia and WebRTC components of both iOS and macOS and could be triggered during image processing.

The security defect is not specific to Apple’s products, but affects the dav1d open source AV1 cross-platform decoder and was resolved in dav1d version 1.4.0 in February.

“An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder,” a NIST NVD advisory reads.

Apple, which warns that the issue could be exploited to achieve arbitrary code execution during the processing of an image, says it has addressed it with improved input validation.

The tech giant has included patches for the bug in iOS and iPadOS 17.4.1, iOS and iPadOS 16.7.7, visionOS 1.1.1, macOS Sonoma 14.4.1, macOS Ventura 13.6.6, and Safari 17.4.1 (for macOS Monterey and macOS Ventura).

Advertisement. Scroll to continue reading.

The company has credited Google Project Zero researcher Nick Galloway for reporting the bug.

Galloway has provided a technical writeup on this issue, along with proof-of-concept (PoC) code demonstrating it. The writeup was made public earlier this month.

CVE-2024-1580 is a medium-severity vulnerability. Although it can be exploited from the network with low privileges and no user interaction and has high impact on integrity, the flaw has low impact on confidentiality.

There are no reports of this bug being exploited in attacks, but the fact that Apple has released security updates just for it suggests that users should take immediate action and patch their devices.

Additional information on the Apple patches can be found on the company’s security releases page.

Related: Apple Blunts Zero-Day Attacks With iOS 17.4 Update

Related: Apple Patches Vision Pro Vulnerability as CISA Warns of iOS Flaw Exploitation

Related: Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation

In this article:

Related Content

Apple

Application Security

Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention

The company blocked over 1.1 billion accounts and $2.2 billion in potentially fraudulent transactions.

May 21, 2026

Mobile & Wireless

Apple Patches Dozens of Vulnerabilities in macOS, iOS

The tech giant has also ported the patch for a recent deleted chats recovery issue to older versions of iOS.

May 12, 2026

Malware & Threats

Dozens of Malicious Crypto Apps Land in Apple App Store

Masquerading as popular cryptocurrency wallets, the apps can hijack recovery phrases and private keys.

April 21, 2026

Artificial Intelligence

Apple Intelligence AI Guardrails Bypassed in New Attack

RSAC researchers hacked Apple Intelligence using the Neural Exect method and Unicode manipulation.

April 9, 2026

Mobile & Wireless

Apple Rolls Out DarkSword Exploit Protection to More Devices

The DarkSword exploit kit has been used by both state-sponsored hackers and commercial spyware vendors.

April 2, 2026

Endpoint Security

iOS, macOS 26.4 Roll Out With Fresh Security Patches

Apple released security fixes for older devices as well, in iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, and macOS Sonoma 14.8.5.

March 25, 2026

Endpoint Security

Apple Debuts Background Security Improvements With Fresh WebKit Patches

The lightweight updates are meant to deliver security protections between security updates.

March 18, 2026

Mobile & Wireless

Apple Updates Legacy iOS Versions to Patch Coruna Exploits

The company has released iOS and iPadOS versions 16.7.15 and 15.8.7 to patch the vulnerabilities.

March 12, 2026

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version