
    178 vulnerabilities found for ipad_os by apple

    CVE-2023-42977 (GCVE-0-2023-42977)

    Vulnerability from nvd – Published: 2025-04-11 14:54 – Updated: 2026-02-26 18:28
    VLAI
    Summary
    A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to break out of its sandbox.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CNA (Apple) problem type: A path handling issue was addressed with improved validation.
    • CWE-20 - Improper Input Validation (assigned by CISA-ADP, not by the CNA)
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: unspecified , < 17 (custom)
    Apple macOS Affected: unspecified , < 14 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42977",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-12T03:55:17.599262Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:25.057Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to break out of its sandbox."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A path handling issue was addressed with improved validation.",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-11T14:54:00.468Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120949"
            },
            {
              "url": "https://support.apple.com/en-us/120950"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-42977",
        "datePublished": "2025-04-11T14:54:00.468Z",
        "dateReserved": "2023-09-14T19:05:11.486Z",
        "dateUpdated": "2026-02-26T18:28:25.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-24203 (GCVE-0-2025-24203)

    Vulnerability from nvd – Published: 2025-03-31 22:24 – Updated: 2026-04-02 18:25
    VLAI
    Summary
    The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to modify protected parts of the file system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 18.4 (custom)
    Apple iPadOS Affected: 0 , < 17.7.6 (custom)
    Apple macOS Affected: 0 , < 13.7.5 (custom)
    Affected: 0 , < 14.7.5 (custom)
    Affected: 0 , < 15.4 (custom)
    Apple tvOS Affected: 0 , < 18.4 (custom)
    Apple visionOS Affected: 0 , < 2.4 (custom)
    Apple watchOS Affected: 0 , < 11.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24203",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-01T15:01:39.243398Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-01T15:02:14.564Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:07:41.395Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2025/Apr/10"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Apr/9"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Apr/8"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Apr/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.7.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "13.7.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "14.7.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "2.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "11.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to modify protected parts of the file system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to modify protected parts of the file system",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:25:56.850Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/122371"
            },
            {
              "url": "https://support.apple.com/en-us/122372"
            },
            {
              "url": "https://support.apple.com/en-us/122373"
            },
            {
              "url": "https://support.apple.com/en-us/122374"
            },
            {
              "url": "https://support.apple.com/en-us/122375"
            },
            {
              "url": "https://support.apple.com/en-us/122376"
            },
            {
              "url": "https://support.apple.com/en-us/122377"
            },
            {
              "url": "https://support.apple.com/en-us/122378"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2025-24203",
        "datePublished": "2025-03-31T22:24:18.620Z",
        "dateReserved": "2025-01-17T00:00:45.000Z",
        "dateUpdated": "2026-04-02T18:25:56.850Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-44297 (GCVE-0-2024-44297)

    Vulnerability from nvd – Published: 2024-10-28 21:07 – Updated: 2026-04-02 18:09
    VLAI
    Summary
    The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing a maliciously crafted message may lead to a denial-of-service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 17.7.1 (custom)
    Affected: 0 , < 18.1 (custom)
    Apple macOS Affected: 0 , < 13.7.1 (custom)
    Affected: 0 , < 14.7.1 (custom)
    Affected: 0 , < 15.1 (custom)
    Apple tvOS Affected: 0 , < 18.1 (custom)
    Apple visionOS Affected: 0 , < 2.1 (custom)
    Apple watchOS Affected: 0 , < 11.1 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-44297",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-30T14:04:40.900982Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T14:11:58.114Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:13:11.767Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Oct/16"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2024/Oct/13"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2024/Oct/12"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2024/Oct/11"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2024/Oct/9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.7.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "18.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "13.7.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "14.7.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "11.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing a maliciously crafted message may lead to a denial-of-service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing a maliciously crafted message may lead to a denial-of-service",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:09:47.261Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/121563"
            },
            {
              "url": "https://support.apple.com/en-us/121564"
            },
            {
              "url": "https://support.apple.com/en-us/121565"
            },
            {
              "url": "https://support.apple.com/en-us/121566"
            },
            {
              "url": "https://support.apple.com/en-us/121567"
            },
            {
              "url": "https://support.apple.com/en-us/121568"
            },
            {
              "url": "https://support.apple.com/en-us/121569"
            },
            {
              "url": "https://support.apple.com/en-us/121570"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-44297",
        "datePublished": "2024-10-28T21:07:48.794Z",
        "dateReserved": "2024-08-20T21:45:40.798Z",
        "dateUpdated": "2026-04-02T18:09:47.261Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-44139 (GCVE-0-2024-44139)

    Vulnerability from nvd – Published: 2024-09-16 23:22 – Updated: 2026-04-02 18:18
    VLAI
    Summary
    The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CNA (Apple) problem type: An attacker with physical access may be able to access contacts from the lock screen
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor (assigned by CISA-ADP, not by the CNA)
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 18 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 2.4,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-44139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-17T14:34:37.090506Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-200",
                    "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-20T13:58:16.333Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:14:04.809Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Sep/32"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An attacker with physical access may be able to access contacts from the lock screen",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:18:33.303Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/121250"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-44139",
        "datePublished": "2024-09-16T23:22:54.549Z",
        "dateReserved": "2024-08-20T21:42:05.920Z",
        "dateUpdated": "2026-04-02T18:18:33.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-42974 (GCVE-0-2023-42974)

    Vulnerability from nvd – Published: 2024-03-28 15:39 – Updated: 2025-11-04 19:25
    VLAI
    Summary
    A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to execute arbitrary code with kernel privileges
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: unspecified , < 17.2 (custom)
    Apple iOS and iPadOS Affected: unspecified , < 16.7 (custom)
    Apple macOS Affected: unspecified , < 13.6 (custom)
    Apple macOS Affected: unspecified , < 12.7 (custom)
    Apple macOS Affected: unspecified , < 14.2 (custom)
    apple ipados Affected: 0 , < 16.7 (custom)
    Affected: 17.0 , < 17.2 (custom)
        cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
        cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
    apple macos Affected: 12.0 , < 12.7 (custom)
    Affected: 13.0 , < 13.6 (custom)
    Affected: 14.0 , < 14.2 (custom)
        cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:25:08.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214035"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214034"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214038"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214037"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214036"
              },
              {
                "url": "https://support.apple.com/kb/HT214038"
              },
              {
                "url": "https://support.apple.com/kb/HT214037"
              },
              {
                "url": "https://support.apple.com/kb/HT214036"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ipados",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "16.7",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "17.2",
                    "status": "affected",
                    "version": "17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "macos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "12.7",
                    "status": "affected",
                    "version": "12.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "13.6",
                    "status": "affected",
                    "version": "13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "14.2",
                    "status": "affected",
                    "version": "14.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42974",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-27T16:29:10.301319Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-362",
                    "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T16:33:21.052Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "16.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "13.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to execute arbitrary code with kernel privileges",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-28T15:39:11.395Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/HT214035"
            },
            {
              "url": "https://support.apple.com/en-us/HT214034"
            },
            {
              "url": "https://support.apple.com/en-us/HT214038"
            },
            {
              "url": "https://support.apple.com/en-us/HT214037"
            },
            {
              "url": "https://support.apple.com/en-us/HT214036"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-42974",
        "datePublished": "2024-03-28T15:39:11.395Z",
        "dateReserved": "2023-09-14T19:05:11.485Z",
        "dateUpdated": "2025-11-04T19:25:08.342Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23297 (GCVE-0-2024-23297)

    Vulnerability from nvd – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:24
    VLAI
    Summary
    The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4. A malicious application may be able to access private information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple tvOS Affected: 0 , < 17.4 (custom)
    Apple watchOS Affected: 0 , < 10.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23297",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-14T17:50:33.525824Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-27T13:33:12.651Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:28:35.345Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
              },
              {
                "url": "https://support.apple.com/kb/HT214088"
              },
              {
                "url": "https://support.apple.com/kb/HT214086"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4. A malicious application may be able to access private information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A malicious application may be able to access private information",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:24:43.484Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120881"
            },
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23297",
        "datePublished": "2024-03-08T01:36:12.770Z",
        "dateReserved": "2024-01-12T22:22:21.502Z",
        "dateUpdated": "2026-04-02T18:24:43.484Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23293 (GCVE-0-2024-23293)

    Vulnerability from nvd – Published: 2024-03-08 01:35 – Updated: 2026-04-02 18:12
    VLAI
    Summary
    This issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)
    Apple tvOS Affected: 0 , < 17.4 (custom)
    Apple watchOS Affected: 0 , < 10.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.6,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23293",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-08T14:00:43.055654Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-22T15:21:29.502Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:28:28.236Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
              },
              {
                "url": "https://support.apple.com/kb/HT214088"
              },
              {
                "url": "https://support.apple.com/kb/HT214086"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An attacker with physical access may be able to use Siri to access sensitive user data",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:12:42.638Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120881"
            },
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23293",
        "datePublished": "2024-03-08T01:35:30.712Z",
        "dateReserved": "2024-01-12T22:22:21.501Z",
        "dateUpdated": "2026-04-02T18:12:42.638Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23280 (GCVE-0-2024-23280)

    Vulnerability from nvd – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:25
    VLAI
    Summary
    An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 17.4 (custom)
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)
    Apple tvOS Affected: 0 , < 17.4 (custom)
    Apple watchOS Affected: 0 , < 10.4 (custom)
    apple tvos Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
    apple ios Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*
    apple ipados Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
    apple safari Affected: 0 , < 17.4 (custom)
        cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
    apple macos Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
    apple watchos Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:27:35.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214089"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
              },
              {
                "url": "https://support.apple.com/kb/HT214089"
              },
              {
                "url": "https://support.apple.com/kb/HT214086"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tvos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ios",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ipados",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "safari",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "macos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "watchos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23280",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-28T20:33:30.944280Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T16:45:41.969Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A maliciously crafted webpage may be able to fingerprint the user",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:25:29.626Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120881"
            },
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120894"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23280",
        "datePublished": "2024-03-08T01:36:14.625Z",
        "dateReserved": "2024-01-12T22:22:21.499Z",
        "dateUpdated": "2026-04-02T18:25:29.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23277 (GCVE-0-2024-23277)

    Vulnerability from nvd – Published: 2024-03-08 01:35 – Updated: 2026-04-02 18:12
    VLAI
    Summary
    The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23277",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-08T14:20:08.272349Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T17:06:27.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:27:23.755Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:12:08.489Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23277",
        "datePublished": "2024-03-08T01:35:27.903Z",
        "dateReserved": "2024-01-12T22:22:21.498Z",
        "dateUpdated": "2026-04-02T18:12:08.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23273 (GCVE-0-2024-23273)

    Vulnerability from nvd – Published: 2024-03-08 01:35 – Updated: 2026-04-02 18:20
    VLAI
    Summary
    This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Private Browsing tabs may be accessed without authentication
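    • CWE-295 - Improper Certificate Validation (CWE mapping supplied by the CISA-ADP enrichment container; the Apple CNA entry gives only the text description above)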
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 17.4 (custom)
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:27:10.314Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214089"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "url": "https://support.apple.com/kb/HT214089"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23273",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-27T19:31:28.016236Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-295",
                    "description": "CWE-295 Improper Certificate Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T19:43:36.912Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Private Browsing tabs may be accessed without authentication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:20:11.618Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120894"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23273",
        "datePublished": "2024-03-08T01:35:54.940Z",
        "dateReserved": "2024-01-12T22:22:21.498Z",
        "dateUpdated": "2026-04-02T18:20:11.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23270 (GCVE-0-2024-23270)

    Vulnerability from nvd – Published: 2024-03-08 01:35 – Updated: 2026-04-02 18:14
    VLAI
    Summary
    The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to execute arbitrary code with kernel privileges
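    • CWE-787 - Out-of-bounds Write (CWE mapping supplied by the CISA-ADP enrichment container; the Apple CNA entry gives only the text description above)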
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 12.7.4 (custom)
    Affected: 0 , < 13.6.5 (custom)
    Affected: 0 , < 14.4 (custom)
    Apple tvOS Affected: 0 , < 17.4 (custom)
    apple macos Affected: 0 , < 12.7.4 (custom)
    Affected: 13.0 , < 13.6.5 (custom)
    Affected: 14.0 , < 14.4 (custom)
        cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
        cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*
        cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*
    apple tvos Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
    apple iphone_os Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    apple ipad_os Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:27:03.074Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214083"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214085"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/22"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/23"
              },
              {
                "url": "https://support.apple.com/kb/HT214086"
              },
              {
                "url": "https://support.apple.com/kb/HT214085"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214083"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "macos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "12.7.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "13.6.5",
                    "status": "affected",
                    "version": "13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "14.4",
                    "status": "affected",
                    "version": "14.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tvos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "iphone_os",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ipad_os",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23270",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-30T04:00:59.418738Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T20:04:13.760Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.7.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "13.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to execute arbitrary code with kernel privileges",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:14:10.366Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120884"
            },
            {
              "url": "https://support.apple.com/en-us/120886"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23270",
        "datePublished": "2024-03-08T01:35:35.392Z",
        "dateReserved": "2024-01-12T22:22:21.492Z",
        "dateUpdated": "2026-04-02T18:14:10.366Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23255 (GCVE-0-2024-23255)

    Vulnerability from nvd – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:26
    VLAI
    Summary
    An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Photos in the Hidden Photos Album may be viewed without authentication.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Photos in the Hidden Photos Album may be viewed without authentication
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)
    apple macos Affected: 0 , < 14.4 (custom)
        cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
    apple ios Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*
    apple ipados Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:25:59.927Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "macos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "14.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ios",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ipados",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23255",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-05T14:47:13.410010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-05T14:47:23.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Photos in the Hidden Photos Album may be viewed without authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Photos in the Hidden Photos Album may be viewed without authentication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:26:20.862Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23255",
        "datePublished": "2024-03-08T01:36:16.498Z",
        "dateReserved": "2024-01-12T22:22:21.487Z",
        "dateUpdated": "2026-04-02T18:26:20.862Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23254 (GCVE-0-2024-23254)

    Vulnerability from nvd – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:23
    Summary
    The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23254",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-08T15:22:13.972787Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T17:21:36.617Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:25:57.514Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214087"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214089"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/26"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
              },
              {
                "url": "https://support.apple.com/kb/HT214089"
              },
              {
                "url": "https://support.apple.com/kb/HT214087"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A malicious website may exfiltrate audio data cross-origin",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:23:44.403Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120881"
            },
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120883"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120894"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23254",
        "datePublished": "2024-03-08T01:36:07.243Z",
        "dateReserved": "2024-01-12T22:22:21.487Z",
        "dateUpdated": "2026-04-02T18:23:44.403Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23250 (GCVE-0-2024-23250)

    Vulnerability from nvd – Published: 2024-03-08 01:35 – Updated: 2026-04-02 18:13
    Summary
    An access issue was addressed with improved access restrictions. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to access Bluetooth-connected microphones without user permission.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to access Bluetooth-connected microphones without user permission
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)
    Apple tvOS Affected: 0 , < 17.4 (custom)
    Apple watchOS Affected: 0 , < 10.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23250",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-12T18:12:05.442356Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T15:21:44.164Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:25:49.790Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
              },
              {
                "url": "https://support.apple.com/kb/HT214088"
              },
              {
                "url": "https://support.apple.com/kb/HT214086"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An access issue was addressed with improved access restrictions. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to access Bluetooth-connected microphones without user permission."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to access Bluetooth-connected microphones without user permission",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:13:47.791Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120881"
            },
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23250",
        "datePublished": "2024-03-08T01:35:33.516Z",
        "dateReserved": "2024-01-12T22:22:21.486Z",
        "dateUpdated": "2026-04-02T18:13:47.791Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23242 (GCVE-0-2024-23242)

    Vulnerability from nvd – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:24
    Summary
    A privacy issue was addressed by not logging contents of text fields. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to view Mail data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to view Mail data
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.3,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23242",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-08T15:21:43.014765Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-532",
                    "description": "CWE-532 Insertion of Sensitive Information into Log File",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-04T21:22:04.085Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:25:23.490Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A privacy issue was addressed by not logging contents of text fields. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to view Mail data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to view Mail data",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:24:11.196Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23242",
        "datePublished": "2024-03-08T01:36:08.176Z",
        "dateReserved": "2024-01-12T22:22:21.482Z",
        "dateUpdated": "2026-04-02T18:24:11.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23241 (GCVE-0-2024-23241)

    Vulnerability from nvd – Published: 2024-03-08 01:35 – Updated: 2026-04-02 18:10
    Summary
    This issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4. An app may be able to leak sensitive user information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to leak sensitive user information
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)
    Apple tvOS Affected: 0 , < 17.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23241",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-12T15:42:05.900296Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-922",
                    "description": "CWE-922 Insecure Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-18T21:02:43.242Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:25:20.937Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "url": "https://support.apple.com/kb/HT214086"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4. An app may be able to leak sensitive user information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to leak sensitive user information",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:10:16.572Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23241",
        "datePublished": "2024-03-08T01:35:26.031Z",
        "dateReserved": "2024-01-12T22:22:21.482Z",
        "dateUpdated": "2026-04-02T18:10:16.572Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23240 (GCVE-0-2024-23240)

    Vulnerability from nvd – Published: 2024-03-08 01:35 – Updated: 2026-04-02 18:08
    VLAI
    Summary
    The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.
    SSVC
    Exploitation: none | Automatable: no | Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 2.4,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23240",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-12T15:42:18.084721Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-22T19:06:28.817Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:25:17.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Shake-to-undo may allow a deleted photo to be re-surfaced without authentication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:08:58.757Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120893"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23240",
        "datePublished": "2024-03-08T01:35:22.282Z",
        "dateReserved": "2024-01-12T22:22:21.481Z",
        "dateUpdated": "2026-04-02T18:08:58.757Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23239 (GCVE-0-2024-23239)

    Vulnerability from nvd – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:24
    VLAI
    Summary
    A race condition was addressed with improved state handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to leak sensitive user information.
    SSVC
    Exploitation: none | Automatable: no | Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to leak sensitive user information
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)
    Apple tvOS Affected: 0 , < 17.4 (custom)
    Apple watchOS Affected: 0 , < 10.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23239",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-13T21:01:31.786931Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-362",
                    "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T21:07:32.221Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:25:16.160Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
              },
              {
                "url": "https://support.apple.com/kb/HT214088"
              },
              {
                "url": "https://support.apple.com/kb/HT214086"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A race condition was addressed with improved state handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to leak sensitive user information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to leak sensitive user information",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:24:19.629Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120881"
            },
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23239",
        "datePublished": "2024-03-08T01:36:09.093Z",
        "dateReserved": "2024-01-12T22:22:21.480Z",
        "dateUpdated": "2026-04-02T18:24:19.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23226 (GCVE-0-2024-23226)

    Vulnerability from nvd – Published: 2024-03-08 01:35 – Updated: 2026-04-02 18:16
    VLAI
    Summary
    The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to arbitrary code execution.
    SSVC
    Exploitation: none | Automatable: no | Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Processing web content may lead to arbitrary code execution
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)
    Apple tvOS Affected: 0 , < 17.4 (custom)
    Apple visionOS Affected: 0 , < 1.1 (custom)
    Apple watchOS Affected: 0 , < 10.4 (custom)
    apple visionos Affected: 0 , < 1.1 (custom)
        cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
    apple tvos Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
    apple ios Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*
    apple ipados Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
    apple macos Affected: 0 , < 14.4 (custom)
        cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
    apple watchos Affected: 0 , < 10.4 (custom)
        cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:24:45.992Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214087"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/26"
              },
              {
                "url": "https://support.apple.com/kb/HT214088"
              },
              {
                "url": "https://support.apple.com/kb/HT214087"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "visionos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "1.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tvos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ios",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ipados",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "macos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "14.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "watchos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "10.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23226",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-29T04:00:23.524335Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-17T20:34:57.389Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing web content may lead to arbitrary code execution",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:16:03.501Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120881"
            },
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120883"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23226",
        "datePublished": "2024-03-08T01:35:41.905Z",
        "dateReserved": "2024-01-12T22:22:21.478Z",
        "dateUpdated": "2026-04-02T18:16:03.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23220 (GCVE-0-2024-23220)

    Vulnerability from nvd – Published: 2024-03-08 01:35 – Updated: 2026-04-02 18:12
    VLAI
    Summary
    The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.4 and iPadOS 17.4, visionOS 1.1. An app may be able to fingerprint the user.
    SSVC
    Exploitation: none | Automatable: no | Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple visionOS Affected: 0 , < 1.1 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23220",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-12T15:42:30.438091Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-18T20:15:45.841Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:24:27.978Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214087"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/26"
              },
              {
                "url": "https://support.apple.com/kb/HT214087"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.4 and iPadOS 17.4, visionOS 1.1. An app may be able to fingerprint the user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to fingerprint the user",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:12:23.885Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120883"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23220",
        "datePublished": "2024-03-08T01:35:29.755Z",
        "dateReserved": "2024-01-12T22:22:21.477Z",
        "dateUpdated": "2026-04-02T18:12:23.885Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23205 (GCVE-0-2024-23205)

    Vulnerability from nvd – Published: 2024-03-08 01:35 – Updated: 2026-04-02 18:17
    VLAI
    Summary
    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to access sensitive user data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to access sensitive user data
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:23:54.332Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23205",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T20:03:02.768427Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-922",
                    "description": "CWE-922 Insecure Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T15:41:30.858Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to access sensitive user data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to access sensitive user data",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:17:45.722Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23205",
        "datePublished": "2024-03-08T01:35:46.579Z",
        "dateReserved": "2024-01-12T22:22:21.476Z",
        "dateUpdated": "2026-04-02T18:17:45.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-0258 (GCVE-0-2024-0258)

    Vulnerability from nvd – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:24
    VLAI
    Summary
    The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)
    Apple tvOS Affected: 0 , < 17.4 (custom)
    Apple watchOS Affected: 0 , < 10.4 (custom)
    apple tvos Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
    apple macos Affected: 0 , < 14.4 (custom)
        cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
    apple watchos Affected: 0 , < 10.4 (custom)
        cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
    apple iphone_os Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    apple ipad_os Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:25.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
              },
              {
                "url": "https://support.apple.com/kb/HT214088"
              },
              {
                "url": "https://support.apple.com/kb/HT214086"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tvos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "macos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "14.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "watchos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "10.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "iphone_os",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ipad_os",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0258",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-11T04:01:22.658760Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-17T15:10:31.385Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:24:38.012Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120881"
            },
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-0258",
        "datePublished": "2024-03-08T01:36:10.920Z",
        "dateReserved": "2024-01-05T23:15:07.340Z",
        "dateUpdated": "2026-04-02T18:24:38.012Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-42977 (GCVE-0-2023-42977)

    Vulnerability from cvelistv5 – Published: 2025-04-11 14:54 – Updated: 2026-02-26 18:28
    VLAI
    Summary
    A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to break out of its sandbox.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • A path handling issue was addressed with improved validation.
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: unspecified , < 17 (custom)
    Apple macOS Affected: unspecified , < 14 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42977",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-12T03:55:17.599262Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:25.057Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to break out of its sandbox."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A path handling issue was addressed with improved validation.",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-11T14:54:00.468Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120949"
            },
            {
              "url": "https://support.apple.com/en-us/120950"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-42977",
        "datePublished": "2025-04-11T14:54:00.468Z",
        "dateReserved": "2023-09-14T19:05:11.486Z",
        "dateUpdated": "2026-02-26T18:28:25.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-24203 (GCVE-0-2025-24203)

    Vulnerability from cvelistv5 – Published: 2025-03-31 22:24 – Updated: 2026-04-02 18:25
    VLAI
    Summary
    The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to modify protected parts of the file system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 18.4 (custom)
    Apple iPadOS Affected: 0 , < 17.7.6 (custom)
    Apple macOS Affected: 0 , < 13.7.5 (custom)
    Affected: 0 , < 14.7.5 (custom)
    Affected: 0 , < 15.4 (custom)
    Apple tvOS Affected: 0 , < 18.4 (custom)
    Apple visionOS Affected: 0 , < 2.4 (custom)
    Apple watchOS Affected: 0 , < 11.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24203",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-01T15:01:39.243398Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-01T15:02:14.564Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:07:41.395Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2025/Apr/10"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Apr/9"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Apr/8"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Apr/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.7.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "13.7.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "14.7.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "2.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "11.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to modify protected parts of the file system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to modify protected parts of the file system",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:25:56.850Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/122371"
            },
            {
              "url": "https://support.apple.com/en-us/122372"
            },
            {
              "url": "https://support.apple.com/en-us/122373"
            },
            {
              "url": "https://support.apple.com/en-us/122374"
            },
            {
              "url": "https://support.apple.com/en-us/122375"
            },
            {
              "url": "https://support.apple.com/en-us/122376"
            },
            {
              "url": "https://support.apple.com/en-us/122377"
            },
            {
              "url": "https://support.apple.com/en-us/122378"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2025-24203",
        "datePublished": "2025-03-31T22:24:18.620Z",
        "dateReserved": "2025-01-17T00:00:45.000Z",
        "dateUpdated": "2026-04-02T18:25:56.850Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-44297 (GCVE-0-2024-44297)

    Vulnerability from cvelistv5 – Published: 2024-10-28 21:07 – Updated: 2026-04-02 18:09
    VLAI
    Summary
    The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing a maliciously crafted message may lead to a denial-of-service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 17.7.1 (custom)
    Affected: 0 , < 18.1 (custom)
    Apple macOS Affected: 0 , < 13.7.1 (custom)
    Affected: 0 , < 14.7.1 (custom)
    Affected: 0 , < 15.1 (custom)
    Apple tvOS Affected: 0 , < 18.1 (custom)
    Apple visionOS Affected: 0 , < 2.1 (custom)
    Apple watchOS Affected: 0 , < 11.1 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-44297",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-30T14:04:40.900982Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T14:11:58.114Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:13:11.767Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Oct/16"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2024/Oct/13"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2024/Oct/12"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2024/Oct/11"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2024/Oct/9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.7.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "18.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "13.7.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "14.7.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "11.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing a maliciously crafted message may lead to a denial-of-service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing a maliciously crafted message may lead to a denial-of-service",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:09:47.261Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/121563"
            },
            {
              "url": "https://support.apple.com/en-us/121564"
            },
            {
              "url": "https://support.apple.com/en-us/121565"
            },
            {
              "url": "https://support.apple.com/en-us/121566"
            },
            {
              "url": "https://support.apple.com/en-us/121567"
            },
            {
              "url": "https://support.apple.com/en-us/121568"
            },
            {
              "url": "https://support.apple.com/en-us/121569"
            },
            {
              "url": "https://support.apple.com/en-us/121570"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-44297",
        "datePublished": "2024-10-28T21:07:48.794Z",
        "dateReserved": "2024-08-20T21:45:40.798Z",
        "dateUpdated": "2026-04-02T18:09:47.261Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-44139 (GCVE-0-2024-44139)

    Vulnerability from cvelistv5 – Published: 2024-09-16 23:22 – Updated: 2026-04-02 18:18
    VLAI
    Summary
    The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An attacker with physical access may be able to access contacts from the lock screen
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 18 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 2.4,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-44139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-17T14:34:37.090506Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-200",
                    "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-20T13:58:16.333Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:14:04.809Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Sep/32"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An attacker with physical access may be able to access contacts from the lock screen",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:18:33.303Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/121250"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-44139",
        "datePublished": "2024-09-16T23:22:54.549Z",
        "dateReserved": "2024-08-20T21:42:05.920Z",
        "dateUpdated": "2026-04-02T18:18:33.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-42974 (GCVE-0-2023-42974)

    Vulnerability from cvelistv5 – Published: 2024-03-28 15:39 – Updated: 2025-11-04 19:25
    VLAI
    Summary
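    A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges. (Note: the affected-version bounds listed in this record for the older branches, < 16.7, < 13.6 and < 12.7, are coarser than the fixed releases named here, 16.7.3, 13.6.3 and 12.7.2; compare installed versions against the fixed releases when checking exposure.)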
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to execute arbitrary code with kernel privileges
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: unspecified , < 17.2 (custom)
    Apple iOS and iPadOS Affected: unspecified , < 16.7 (custom)
    Apple macOS Affected: unspecified , < 13.6 (custom)
    Apple macOS Affected: unspecified , < 12.7 (custom)
    Apple macOS Affected: unspecified , < 14.2 (custom)
    apple ipados Affected: 0 , < 16.7 (custom)
    Affected: 17.0 , < 17.2 (custom)
        cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
        cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
    apple macos Affected: 12.0 , < 12.7 (custom)
    Affected: 13.0 , < 13.6 (custom)
    Affected: 14.0 , < 14.2 (custom)
        cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:25:08.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214035"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214034"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214038"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214037"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214036"
              },
              {
                "url": "https://support.apple.com/kb/HT214038"
              },
              {
                "url": "https://support.apple.com/kb/HT214037"
              },
              {
                "url": "https://support.apple.com/kb/HT214036"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ipados",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "16.7",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "17.2",
                    "status": "affected",
                    "version": "17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "macos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "12.7",
                    "status": "affected",
                    "version": "12.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "13.6",
                    "status": "affected",
                    "version": "13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "14.2",
                    "status": "affected",
                    "version": "14.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42974",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-27T16:29:10.301319Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-362",
                    "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T16:33:21.052Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "16.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "13.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to execute arbitrary code with kernel privileges",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-28T15:39:11.395Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/HT214035"
            },
            {
              "url": "https://support.apple.com/en-us/HT214034"
            },
            {
              "url": "https://support.apple.com/en-us/HT214038"
            },
            {
              "url": "https://support.apple.com/en-us/HT214037"
            },
            {
              "url": "https://support.apple.com/en-us/HT214036"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-42974",
        "datePublished": "2024-03-28T15:39:11.395Z",
        "dateReserved": "2023-09-14T19:05:11.485Z",
        "dateUpdated": "2025-11-04T19:25:08.342Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23255 (GCVE-0-2024-23255)

    Vulnerability from cvelistv5 – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:26
    VLAI
    Summary
    An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Photos in the Hidden Photos Album may be viewed without authentication.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Photos in the Hidden Photos Album may be viewed without authentication
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)
    apple macos Affected: 0 , < 14.4 (custom)
        cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
    apple ios Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*
    apple ipados Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:25:59.927Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "macos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "14.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ios",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ipados",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23255",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-05T14:47:13.410010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-05T14:47:23.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Photos in the Hidden Photos Album may be viewed without authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Photos in the Hidden Photos Album may be viewed without authentication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:26:20.862Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23255",
        "datePublished": "2024-03-08T01:36:16.498Z",
        "dateReserved": "2024-01-12T22:22:21.487Z",
        "dateUpdated": "2026-04-02T18:26:20.862Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23280 (GCVE-0-2024-23280)

    Vulnerability from cvelistv5 – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:25
    VLAI
    Summary
    An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 17.4 (custom)
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)
    Apple tvOS Affected: 0 , < 17.4 (custom)
    Apple watchOS Affected: 0 , < 10.4 (custom)
    apple tvos Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
    apple ios Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*
    apple ipados Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
    apple safari Affected: 0 , < 17.4 (custom)
        cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
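    apple macos Affected: 0 , < 17.4 (custom) [CISA-ADP row; the Apple CNA row above lists macOS as < 14.4, so the two bounds on this record disagree]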
        cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
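    apple watchos Affected: 0 , < 17.4 (custom) [CISA-ADP row; the Apple CNA row above lists watchOS as < 10.4, so the two bounds on this record disagree]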
        cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:27:35.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214089"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
              },
              {
                "url": "https://support.apple.com/kb/HT214089"
              },
              {
                "url": "https://support.apple.com/kb/HT214086"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tvos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ios",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ipados",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "safari",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "macos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "watchos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23280",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-28T20:33:30.944280Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T16:45:41.969Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A maliciously crafted webpage may be able to fingerprint the user",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:25:29.626Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120881"
            },
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120894"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23280",
        "datePublished": "2024-03-08T01:36:14.625Z",
        "dateReserved": "2024-01-12T22:22:21.499Z",
        "dateUpdated": "2026-04-02T18:25:29.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23297 (GCVE-0-2024-23297)

    Vulnerability from cvelistv5 – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:24
    VLAI
    Summary
    The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4. A malicious application may be able to access private information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple tvOS Affected: 0 , < 17.4 (custom)
    Apple watchOS Affected: 0 , < 10.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23297",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-14T17:50:33.525824Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-27T13:33:12.651Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:28:35.345Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
              },
              {
                "url": "https://support.apple.com/kb/HT214088"
              },
              {
                "url": "https://support.apple.com/kb/HT214086"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4. A malicious application may be able to access private information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A malicious application may be able to access private information",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:24:43.484Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120881"
            },
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23297",
        "datePublished": "2024-03-08T01:36:12.770Z",
        "dateReserved": "2024-01-12T22:22:21.502Z",
        "dateUpdated": "2026-04-02T18:24:43.484Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }