cve-2024-23217
Vulnerability from cvelistv5
Published
2024-01-23 00:25
Modified
2024-08-01 22:59
Severity
Summary
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy preferences.
References
SourceURLTags
product-security@apple.comhttp://seclists.org/fulldisclosure/2024/Jan/33Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2024/Jan/36Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2024/Jan/39Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2024/Mar/22
product-security@apple.comhttps://support.apple.com/en-us/HT214059Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT214060Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT214061Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/kb/HT214085
Impacted products
VendorProduct
AppleiOS and iPadOS
ApplewatchOS
ApplemacOS
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.048Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214059"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214060"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214061"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/33"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/36"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/39"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214085"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "10.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy preferences."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An app may be able to bypass certain Privacy preferences",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-23T00:25:15.760Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT214059"
        },
        {
          "url": "https://support.apple.com/en-us/HT214060"
        },
        {
          "url": "https://support.apple.com/en-us/HT214061"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/33"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/36"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/39"
        },
        {
          "url": "https://support.apple.com/kb/HT214085"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/22"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-23217",
    "datePublished": "2024-01-23T00:25:15.760Z",
    "dateReserved": "2024-01-12T22:22:21.477Z",
    "dateUpdated": "2024-08-01T22:59:32.048Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-23217\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2024-01-23T01:15:11.360\",\"lastModified\":\"2024-03-13T22:15:09.273\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy preferences.\"},{\"lang\":\"es\",\"value\":\"Se solucion\u00f3 un problema de privacidad mejorando el manejo de archivos temporales. Este problema se solucion\u00f3 en macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 y iPadOS 17.3. Es posible que una aplicaci\u00f3n pueda omitir ciertas preferencias de privacidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.3\",\"matchCriteriaId\":\"93A0FBA9-3FF2-483E-8669-E2C196B3A444\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.3\",\"matchCriteriaId\":\"F927B013-925E-4474-B464-3FA0241F9269\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.3\",\"matchCriteriaId\":\"79ADFEBE-99EE-4F01-9AE8-489EB41885D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.3\",\"matchCriteriaId\":\"F265723B-24BD-4BD9-A45C-6FFD000A7B03\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2024/Jan/33\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Jan/36\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Jan/39\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Mar/22\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT214059\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214060\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214061\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214085\",\"source\":\"product-security@apple.com\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.