CVE-2024-23263

CWE-20 — Improper Input Validation15 documents8 sources

Severity

6.5MEDIUM

EPSS

0.6%

top 29.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Safari +8 more

Timeline

PublishedMar 8

Latest updateApr 15

Description

A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages18 packages

▶NVDapple/ipados17.0 — 17.4+1

▶CVEListV5apple/ios_and_ipados< 16.7.6+1

▶CVEListV5apple/tvos< 17.4

▶NVDapple/tvos< 17.4

▶CVEListV5apple/macos< 14.4

Also affects: Fedora 38, 39, 40

🔴Vulnerability Details

OSV

CVE-2024-23263: A logic issue was addressed with improved validation↗2024-03-08

▶

GHSA

GHSA-xrrw-7rr2-829v: A logic issue was addressed with improved validation↗2024-03-08

▶

OSV

CVE-2024-23263: A logic issue was addressed with improved validation↗2024-03-08

▶

CVEList

CVE-2024-23263: A logic issue was addressed with improved validation↗2024-03-08

▶

📋Vendor Advisories

Ubuntu

WebKitGTK vulnerabilities↗2024-04-15

▶

Apple

CVE-2024-23263: macOS Sonoma 14.4↗2024-03-07

▶

Apple

CVE-2024-23263: visionOS 1.1↗2024-03-07

▶

Apple

CVE-2024-23263: tvOS 17.4↗2024-03-07

▶

Red Hat

webkit: processing malicious web content prevents Content Security Policy from being enforced↗2024-03-07

▶