CVE-2024-23295 — Incorrect Default Permissions in Apple Visionos

CWE-276 — Incorrect Default Permissions4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 80.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Visionos

Timeline

PublishedMar 8

Description

A permissions issue was addressed to help ensure Personas are always protected. This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5apple/visionos< 1.1

▶NVDapple/visionos< 1.1

🔴Vulnerability Details

GHSA

GHSA-x7v5-rxwv-mpjw: A permissions issue was addressed to help ensure Personas are always protected This issue is fixed in visionOS 1↗2024-03-08

▶

CVEList

CVE-2024-23295: A permissions issue was addressed to help ensure Personas are always protected↗2024-03-08

▶

📋Vendor Advisories

Apple

CVE-2024-23295: visionOS 1.1↗2024-03-07

▶