CVE-2024-23292

Published: Mar 8, 2024Modified: Apr 2, 2026

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

This issue was addressed with improved data protection. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to access information about a user's contacts.

Affected (3)

Products: Apple: Ipados, Iphone Os, Macos

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 17.4
Apple Iphone Os	Before 17.4
Apple Macos	From 14.0 to 14.4

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (7)

https://support.apple.com/en-us/120893

Source: product-security@apple.com

https://support.apple.com/en-us/120895

Source: product-security@apple.com

http://seclists.org/fulldisclosure/2024/Mar/21