Security Flaw in Apple Operating Systems Allowing Unauthorized Data Access
CVE-2024-23215

5.5MEDIUM

Key Information:

Vendor: Apple
Status: iOS And iPad OS; TV OS; Watch OS; Mac OS
Vendor: CVE Published:; 23 January 2024

What is CVE-2024-23215?

This vulnerability involves a flaw in the handling of temporary files that may allow applications on affected Apple operating systems to access sensitive user data without proper authorization. Users of macOS, watchOS, tvOS, iOS, and iPadOS should ensure they are running the latest versions to mitigate potential exposure to unauthorized data access.

Affected Version(s)

iOS and iPadOS < 17.3

macOS < 14.3

tvOS < 17.3

References

https://support.apple.com/en-us/HT214059

https://support.apple.com/en-us/HT214055

https://support.apple.com/en-us/HT214060

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2024
Vulnerability Reserved
Jan 12, 2024