Privacy Issue in Apple Products - Vulnerability in User Data Handling
CVE-2024-23223

6.2MEDIUM

Key Information:

Vendor: Apple
Status: iOS And iPad OS; TV OS; Watch OS; Mac OS
Vendor: CVE Published:; 23 January 2024

What is CVE-2024-23223?

A privacy vulnerability has been identified in various Apple operating systems, which could potentially allow unauthorized access to sensitive user data. This issue arises from improper handling of files, posing significant risks to user privacy. Apple has addressed this vulnerability in updates for macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3, and iPadOS 17.3, enhancing the security measures that protect user information.

Affected Version(s)

iOS and iPadOS < 17.3

macOS < 14.3

tvOS < 17.3

References

https://support.apple.com/en-us/HT214059

https://support.apple.com/en-us/HT214055

https://support.apple.com/en-us/HT214060

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2024
Vulnerability Reserved
Jan 12, 2024