CVE-2024-23218

Published: Jan 23, 2024Modified: Apr 2, 2026

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, tvOS 17.3, watchOS 10.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.

Affected (5)

Products: Apple: Ipados, Iphone Os, Macos, Tvos, Watchos

5 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 17.3
Apple Iphone Os	Before 17.3
Apple Macos	From 14.0 to 14.3
Apple Tvos	Before 17.3
Apple Watchos	Before 10.3

Related CWEs

Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (23)

https://support.apple.com/en-us/120304

Source: product-security@apple.com

https://support.apple.com/en-us/120306

Source: product-security@apple.com

https://support.apple.com/en-us/120309

Source: product-security@apple.com

https://support.apple.com/en-us/120311

Source: product-security@apple.com

https://support.apple.com/en-us/120880

Source: product-security@apple.com

https://support.apple.com/en-us/120884

Source: product-security@apple.com

https://support.apple.com/en-us/120886

Source: product-security@apple.com

http://seclists.org/fulldisclosure/2024/Jan/33

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jan/36

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jan/39

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jan/40

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://seclists.org/fulldisclosure/2024/Mar/22

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2024/Mar/23

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/en-us/HT214055

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT214059

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT214060

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT214061

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/kb/HT214055

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT214059

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT214061

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT214082

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT214083

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT214085

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.