CVE-2024-23211Exposure of Private Personal Information to an Unauthorized Actor in Apple IOS AND Ipados

CWE-359Exposure of Private Personal Information to an Unauthorized Actor8 documents4 sources
Severity
3.3LOWNVD
EPSS
0.0%
top 93.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple IOS AND IpadosApple MacosApple Safari+3 more
Timeline
PublishedJan 23

Description

A privacy issue was addressed with improved handling of user preferences. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A user's private browsing activity may be visible in Settings.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages9 packages

NVDapple/ipados< 16.7.5+1
CVEListV5apple/ios_and_ipados< 16.7.5+1
CVEListV5apple/macos< 14.3
NVDapple/macos14.014.3
CVEListV5apple/safari< 17.3

🔴Vulnerability Details

2
CVEList
CVE-2024-23211: A privacy issue was addressed with improved handling of user preferences2024-01-23
GHSA
GHSA-46g9-6366-qgqc: A privacy issue was addressed with improved handling of user preferences2024-01-23

📋Vendor Advisories

5
Apple
CVE-2024-23211: iOS 17.3 and iPadOS 17.32024-01-22
Apple
CVE-2024-23211: iOS 16.7.5 and iPadOS 16.7.52024-01-22
Apple
CVE-2024-23211: Safari 17.32024-01-22
Apple
CVE-2024-23211: watchOS 10.32024-01-22
Apple
CVE-2024-23211: macOS Sonoma 14.32024-01-22
CVE-2024-23211 — Apple IOS AND Ipados vulnerability | cvebase