CVE-2024-23271: Improper Access Control in Apple iOS and iPadOS

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.1% (top 75.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 24
Latest update: Sep 25

Description

A logic issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (11 packages)

CVEListV5: apple/tvos < 17.3
NVD: apple/tvos < 17.3
CVEListV5: apple/macos < 14.3
NVD: apple/macos 14.0 14.3
CVEListV5: apple/safari < 17.3

Vulnerability Details (4)

CVEList: CVE-2024-23271: A logic issue was addressed with improved checks (2024-04-24)
GHSA: GHSA-c7hr-m654-77g5: A logic issue was addressed with improved checks (2024-04-24)
OSV: CVE-2024-23271: A logic issue was addressed with improved checks (2024-04-24)
OSV: CVE-2024-23271: A logic issue was addressed with improved checks (2024-04-24)

Vendor Advisories (7)

Red Hat: webkitgtk: A malicious website may cause unexpected cross-origin behavior (2024-09-25)
Apple: CVE-2024-23271: Safari 17.3 (2024-01-22)
Apple: CVE-2024-23271: tvOS 17.3 (2024-01-22)
Apple: CVE-2024-23271: macOS Sonoma 14.3 (2024-01-22)
Apple: CVE-2024-23271: watchOS 10.3 (2024-01-22)