Privacy Vulnerability in Apple Products Impacting User Browsing Activity
CVE-2024-23211

3.3LOW

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Safari; Watch OS; Mac OS
Vendor: CVE Published:; 23 January 2024

What is CVE-2024-23211?

A privacy issue has been identified in several Apple products, where a user's private browsing activity could become visible in the Settings application. This weakness arises from inadequate handling of user preferences, potentially exposing sensitive information. Apple has addressed this problem in recent updates, including watchOS 10.3, iOS 17.3, and Safari 17.3, ensuring enhanced privacy features to protect user data.

Affected Version(s)

iOS and iPadOS < 17.3

iOS and iPadOS < 16.7

macOS < 14.3

References

https://support.apple.com/en-us/HT214059

https://support.apple.com/en-us/HT214063

https://support.apple.com/en-us/HT214056

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2024
Vulnerability Reserved
Jan 12, 2024