CVE-2024-23203 — Apple IOS AND Ipados vulnerability

6 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 60.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Ipados +5 more

Timeline

PublishedJan 23

Latest updateMar 7

Description

The issue was addressed with additional permissions checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.5. A shortcut may be able to use sensitive data with certain actions without prompting the user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

▶Appleapple/macos_sonoma14.3

▶Appleapple/macos_ventura13.6.5

▶CVEListV5apple/macos< 13.6.5

▶NVDapple/macos< 14.3

▶NVDapple/ipados< 17.3

🔴Vulnerability Details

GHSA

GHSA-fj9j-r9xc-pv7f: The issue was addressed with additional permissions checks↗2024-01-23

▶

📋Vendor Advisories

Apple

CVE-2024-23203: macOS Ventura 13.6.5↗2024-03-07

▶

Apple

CVE-2024-23203: iOS 16.7.6 and iPadOS 16.7.6↗2024-03-05

▶

Apple

CVE-2024-23203: macOS Sonoma 14.3↗2024-01-22

▶

Apple

CVE-2024-23203: iOS 17.3 and iPadOS 17.3↗2024-01-22

▶