CVE-2024-23295

Published: Mar 8, 2024Modified: Apr 2, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A permissions issue was addressed to help ensure Personas are always protected. This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona.

Affected (1)

Products: Apple: Visionos

Apple

1 product

Visionos

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Visionos	Before 1.1

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

https://support.apple.com/en-us/120883

Source: product-security@apple.com

http://seclists.org/fulldisclosure/2024/Mar/26

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://support.apple.com/en-us/HT214087

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/kb/HT214087

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.