CVE-2024-23255Improper Authentication in Apple IOS AND Ipados

CWE-287Improper AuthenticationCWE-863Incorrect Authorization5 documents4 sources
Severity
2.4LOWNVD
EPSS
0.2%
top 64.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple IOS AND IpadosApple MacosApple Ipad OS+1 more
Timeline
PublishedMar 8

Description

An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Photos in the Hidden Photos Album may be viewed without authentication.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages5 packages

CVEListV5apple/macos< 14.4
NVDapple/macos14.014.4
NVDapple/ipad_os< 17.4
CVEListV5apple/ios_and_ipados< 17.4
NVDapple/iphone_os< 17.4

🔴Vulnerability Details

2
GHSA
GHSA-7523-56gq-473q: An authentication issue was addressed with improved state management2024-03-08
CVEList
CVE-2024-23255: An authentication issue was addressed with improved state management2024-03-08

📋Vendor Advisories

2
Apple
CVE-2024-23255: macOS Sonoma 14.42024-03-07
Apple
CVE-2024-23255: iOS 17.4 and iPadOS 17.42024-03-05
CVE-2024-23255 — Improper Authentication in Apple | cvebase