CVE-2024-23254

14 documents8 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 35.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Safari +8 more

Timeline

PublishedMar 8

Latest updateApr 15

Description

The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages18 packages

▶CVEListV5apple/tvos< 17.4

▶NVDapple/tvos< 17.4

▶CVEListV5apple/macos< 14.4

▶NVDapple/macos< 14.4

▶CVEListV5apple/safari< 17.4

Also affects: Fedora 40

🔴Vulnerability Details

OSV

CVE-2024-23254: The issue was addressed with improved UI handling↗2024-03-08

▶

OSV

CVE-2024-23254: The issue was addressed with improved UI handling↗2024-03-08

▶

CVEList

CVE-2024-23254: The issue was addressed with improved UI handling↗2024-03-08

▶

GHSA

GHSA-62qm-vc7f-rm93: The issue was addressed with improved UI handling↗2024-03-08

▶

📋Vendor Advisories

Ubuntu

WebKitGTK vulnerabilities↗2024-04-15

▶

Apple

CVE-2024-23254: watchOS 10.4↗2024-03-07

▶

Apple

CVE-2024-23254: visionOS 1.1↗2024-03-07

▶

Apple

CVE-2024-23254: tvOS 17.4↗2024-03-07

▶

Apple

CVE-2024-23254: macOS Sonoma 14.4↗2024-03-07

▶