CVE-2024-23235

Опубликовано: 08 мар. 2024

Источник: nvd

CVSS3: 4.7

CVSS3: 8.1

EPSS Низкий

Описание

A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.

Ссылки

http://seclists.org/fulldisclosure/2024/Mar/21
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/24
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/25
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/26
Mailing List
Third Party Advisory
https://support.apple.com/en-us/HT214081
Vendor Advisory
https://support.apple.com/en-us/HT214082
Vendor Advisory
https://support.apple.com/en-us/HT214084
Vendor Advisory
https://support.apple.com/en-us/HT214086
Vendor Advisory
https://support.apple.com/en-us/HT214087
Vendor Advisory
https://support.apple.com/en-us/HT214088
Vendor Advisory
http://seclists.org/fulldisclosure/2024/Mar/21
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/24
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/25
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/26
Mailing List
Third Party Advisory
https://support.apple.com/en-us/HT214081
Vendor Advisory
https://support.apple.com/en-us/HT214082
Vendor Advisory
https://support.apple.com/en-us/HT214084
Vendor Advisory
https://support.apple.com/en-us/HT214086
Vendor Advisory
https://support.apple.com/en-us/HT214087
Vendor Advisory
https://support.apple.com/en-us/HT214088
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Версия до 16.7.6 (исключая)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Версия от 17.0 (включая) до 17.4 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 16.7.6 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия от 17.0 (включая) до 17.4 (исключая)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия от 14.0 (включая) до 14.4 (исключая)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Версия до 17.4 (исключая)

cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*

Версия до 1.1 (исключая)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Версия до 10.4 (исключая)

EPSS

Процентиль: 21%

0.00068

Низкий

4.7 Medium

CVSS3

8.1 High

CVSS3

Дефекты

CWE-362

CWE-200

Связанные уязвимости

GHSA-v98w-rc85-gp5v

CVSS3: 8.1

github

почти 2 года назад

BDU:2024-02684

CVSS3: 6.5

fstec

почти 2 года назад

Уязвимость ядра операционных систем iOS, macOS Sonoma, iPadOS, tvOS, visionOS, watchOS, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 21%

0.00068

Низкий

4.7 Medium

CVSS3

8.1 High

CVSS3

Дефекты

CWE-362

CWE-200