CVE-2024-23271

Published: Apr 24, 2024Modified: Apr 2, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A logic issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.

Affected (6)

Products: Apple: Ipados, Iphone Os, Macos, Safari, Tvos, Watchos

6 products

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 17.3
Apple Iphone Os	Before 17.3
Apple Macos	From 14.0 to 14.3
Apple Safari	Before 17.3
Apple Tvos	Before 17.3
Apple Watchos	Before 10.3

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (15)

https://support.apple.com/en-us/120304

Source: product-security@apple.com

https://support.apple.com/en-us/120306

Source: product-security@apple.com

https://support.apple.com/en-us/120309

Source: product-security@apple.com

https://support.apple.com/en-us/120311

Source: product-security@apple.com

https://support.apple.com/en-us/120339

Source: product-security@apple.com

https://support.apple.com/en-us/HT214055