CVE-2024-23290

Published: Mar 8, 2024Modified: Apr 2, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data.

Affected (5)

Products: Apple: Ipados, Iphone Os, Macos, Tvos, Watchos

5 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 17.4
Apple Iphone Os	Before 17.4
Apple Macos	From 14.0 to 14.4
Apple Tvos	Before 17.4
Apple Watchos	Before 10.4

Related CWEs

CWE-922

Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

References (15)

https://support.apple.com/en-us/120881

Source: product-security@apple.com

https://support.apple.com/en-us/120882

Source: product-security@apple.com

https://support.apple.com/en-us/120893

Source: product-security@apple.com

https://support.apple.com/en-us/120895

Source: product-security@apple.com

http://seclists.org/fulldisclosure/2024/Mar/21