CVE-2024-23235

A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

History

20 Dec 2024, 17:08

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2024/Mar/21 - Mailing List () http://seclists.org/fulldisclosure/2024/Mar/21 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2024/Mar/24 - Mailing List () http://seclists.org/fulldisclosure/2024/Mar/24 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2024/Mar/25 - Mailing List () http://seclists.org/fulldisclosure/2024/Mar/25 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2024/Mar/26 - Mailing List () http://seclists.org/fulldisclosure/2024/Mar/26 - Mailing List, Third Party Advisory
First Time Apple ipados
CPE cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

06 Dec 2024, 02:36

Type Values Removed Values Added
CWE CWE-362
First Time Apple visionos
Apple watchos
Apple
Apple iphone Os
Apple ipad Os
Apple tvos
Apple macos
CPE cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 8.1
v2 : unknown
v3 : 4.7
References () http://seclists.org/fulldisclosure/2024/Mar/21 - () http://seclists.org/fulldisclosure/2024/Mar/21 - Mailing List
References () http://seclists.org/fulldisclosure/2024/Mar/24 - () http://seclists.org/fulldisclosure/2024/Mar/24 - Mailing List
References () http://seclists.org/fulldisclosure/2024/Mar/25 - () http://seclists.org/fulldisclosure/2024/Mar/25 - Mailing List
References () http://seclists.org/fulldisclosure/2024/Mar/26 - () http://seclists.org/fulldisclosure/2024/Mar/26 - Mailing List
References () https://support.apple.com/en-us/HT214081 - () https://support.apple.com/en-us/HT214081 - Vendor Advisory
References () https://support.apple.com/en-us/HT214082 - () https://support.apple.com/en-us/HT214082 - Vendor Advisory
References () https://support.apple.com/en-us/HT214084 - () https://support.apple.com/en-us/HT214084 - Vendor Advisory
References () https://support.apple.com/en-us/HT214086 - () https://support.apple.com/en-us/HT214086 - Vendor Advisory
References () https://support.apple.com/en-us/HT214087 - () https://support.apple.com/en-us/HT214087 - Vendor Advisory
References () https://support.apple.com/en-us/HT214088 - () https://support.apple.com/en-us/HT214088 - Vendor Advisory

Information

Published : 2024-03-08 02:15

Updated : 2024-12-20 17:08


NVD link : CVE-2024-23235

Mitre link : CVE-2024-23235

CVE.ORG link : CVE-2024-23235


JSON object : View

Products Affected

apple

  • tvos
  • iphone_os
  • watchos
  • ipados
  • visionos
  • macos
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor