← Back

CVE-2024-23251

nvd nist
Published: Jun 10, 2024Modified: Apr 2, 2026

JSON object

Loading...
4.6
Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.9 / Impact: 3.6
Source: NVD

Description

An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. An attacker with physical access may be able to leak Mail account credentials.

Affected (6)

Apple
4 products
Ipados
Iphone Os
Macos
Watchos
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Ipados
Before 16.7.8
Ipados
From 17.0 to 17.5
Apple
Iphone Os
Before 16.7.8
Iphone Os
From 17.0 to 17.5
Macos
From 14.0 to 14.5
Watchos
Before 10.5

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (12)

Source: product-security@apple.com
Source: product-security@apple.com
Source: product-security@apple.com
Source: product-security@apple.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.