CVE-2024-23287
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2024-08-01 22:59
Severity
Summary
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data.
References
SourceURLTags
product-security@apple.comhttp://seclists.org/fulldisclosure/2024/Mar/21
product-security@apple.comhttp://seclists.org/fulldisclosure/2024/Mar/24
product-security@apple.comhttps://support.apple.com/en-us/HT214081
product-security@apple.comhttps://support.apple.com/en-us/HT214084
product-security@apple.comhttps://support.apple.com/en-us/HT214088
Impacted products
VendorProduct
AppleiOS and iPadOS
ApplemacOS
ApplewatchOS
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23287",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-12T18:13:20.505379Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:16.609Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214081"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214084"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214088"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "10.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An app may be able to access user-sensitive data",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-08T01:35:49.346Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT214081"
        },
        {
          "url": "https://support.apple.com/en-us/HT214084"
        },
        {
          "url": "https://support.apple.com/en-us/HT214088"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-23287",
    "datePublished": "2024-03-08T01:35:49.346Z",
    "dateReserved": "2024-01-12T22:22:21.501Z",
    "dateUpdated": "2024-08-01T22:59:32.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-23287\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2024-03-08T02:15:50.020\",\"lastModified\":\"2024-03-13T22:15:11.120\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data.\"},{\"lang\":\"es\",\"value\":\"Se solucion\u00f3 un problema de privacidad mejorando el manejo de archivos temporales. Este problema se solucion\u00f3 en macOS Sonoma 14.4, iOS 17.4 y iPadOS 17.4, watchOS 10.4. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario.\"}],\"metrics\":{},\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2024/Mar/21\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2024/Mar/24\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT214081\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT214084\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT214088\",\"source\":\"product-security@apple.com\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.