Apple iOS vulnerabilities

3,940 known vulnerabilities affecting apple/iphone_os.

Total CVEs: 3,940
CISA KEV: 92 (actively exploited)
Public exploits: 248
Exploited in wild: 79
Severity breakdown: CRITICAL 313, HIGH 1610, MEDIUM 1730, LOW 287

Vulnerabilities

Page 34 of 197
CVE-2023-28826 | MEDIUM | CVSS 5.5 | fixed in 16.7.6 | 2024-03-08
CVE-2023-28826 [MEDIUM] CWE-200: This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data.
nvd
CVE-2024-23280 | MEDIUM | CVSS 6.5 | fixed in 17.4 | 2024-03-08
CVE-2024-23280 [MEDIUM] CWE-74: An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.
nvd
CVE-2024-23239 | MEDIUM | CVSS 4.7 | fixed in 17.4 | 2024-03-08
CVE-2024-23239 [MEDIUM] CWE-362: A race condition was addressed with improved state handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to leak sensitive user information.
nvd
CVE-2024-23201 | MEDIUM | CVSS 5.5 | fixed in 17.3 | 2024-03-08
CVE-2024-23201 [MEDIUM] CWE-276: A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, tvOS 17.3, watchOS 10.3. An app may be able to cause a denial-of-service.
nvd
CVE-2024-23284 | MEDIUM | CVSS 6.5 | fixed in 16.7.6 | ≥ 17.0, < 17.4 | 2024-03-08
CVE-2024-23284 [MEDIUM] CWE-693: A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
nvd
CVE-2024-23264 | MEDIUM | CVSS 5.5 | fixed in 16.7.6 | ≥ 17.0, < 17.4 | 2024-03-08
CVE-2024-23264 [MEDIUM] CWE-125: A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1. An application may be able to read restricted memory.
nvd
CVE-2024-23241 | MEDIUM | CVSS 5.5 | fixed in 17.4 | 2024-03-08
CVE-2024-23241 [MEDIUM] CWE-922: This issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4. An app may be able to leak sensitive user information.
nvd
CVE-2024-23254 | MEDIUM | CVSS 6.5 | fixed in 17.4 | 2024-03-08
CVE-2024-23254 [MEDIUM]: The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin.
nvd
CVE-2024-23242 | LOW | CVSS 3.3 | fixed in 17.4 | 2024-03-08
CVE-2024-23242 [LOW] CWE-532: A privacy issue was addressed by not logging contents of text fields. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to view Mail data.
nvd
CVE-2024-23291 | LOW | CVSS 3.3 | fixed in 17.4 | 2024-03-08
CVE-2024-23291 [LOW]: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A malicious app may be able to observe user data in log entries related to accessibility notifications.
nvd
CVE-2024-23289 | LOW | CVSS 3.3 | fixed in 16.7.6 | ≥ 17.0, < 17.4 | 2024-03-08
CVE-2024-23289 [LOW]: A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar information.
nvd
CVE-2024-23255 | LOW | CVSS 2.4 | fixed in 17.4 | 2024-03-08
CVE-2024-23255 [LOW] CWE-287: An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Photos in the Hidden Photos Album may be viewed without authentication.
nvd
CVE-2024-23262 | LOW | CVSS 3.3 | fixed in 16.7.6 | ≥ 17.0, < 17.4 | 2024-03-08
CVE-2024-23262 [LOW] CWE-863: This issue was addressed with additional entitlement checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, visionOS 1.1. An app may be able to spoof system notifications and UI.
nvd
CVE-2024-23257 | LOW | CVSS 3.3 | fixed in 16.7.6 | 2024-03-08
CVE-2024-23257 [LOW] CWE-119: The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, visionOS 1.1. Processing an image may result in disclosure of process memory.
nvd
CVE-2024-23292 | LOW | CVSS 3.3 | fixed in 17.4 | 2024-03-08
CVE-2024-23292 [LOW] CWE-200: This issue was addressed with improved data protection. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to access information about a user's contacts.
nvd
CVE-2024-23240 | LOW | CVSS 2.4 | fixed in 17.4 | 2024-03-08
CVE-2024-23240 [LOW]: The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.
nvd
CVE-2024-23225 | HIGH | CVSS 7.8 | KEV | fixed in 16.7.6 | ≥ 17.0, < 17.4 | 2024-03-05
CVE-2024-23225 [HIGH] CWE-787: A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protection
nvd
CVE-2024-23296 | HIGH | CVSS 7.8 | KEV | fixed in 16.7.8 | ≥ 17.0, < 17.4 | 2024-03-05
CVE-2024-23296 [HIGH] CWE-787: A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protection
nvd
CVE-2024-23256 | LOW | CVSS 3.3 | fixed in 17.4 | 2024-03-05
CVE-2024-23256 [LOW]: A logic issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4. A user's locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled.
nvd
CVE-2024-23243 | LOW | CVSS 3.3 | fixed in 17.4 | 2024-03-05
CVE-2024-23243 [LOW]: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read sensitive location information.
nvd