csaf_certbund - wid-sec-w-2024-0173

wid-sec-w-2024-0173

Vulnerability from csaf_certbund

Published

2024-01-22 23:00

Modified

2024-05-09 22:00

Summary

Apple Safari: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Safari ist der auf Apple Geräten eingesetzte Web Browser.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple Safari ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- MacOS X

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Safari ist der auf Apple Ger\u00e4ten eingesetzte Web Browser.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple Safari ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0173 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0173.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0173 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0173"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisory vom 2024-01-22",
        "url": "https://support.apple.com/en-us/HT214056"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple Safari: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-05-09T22:00:00.000+00:00",
      "generator": {
        "date": "2024-05-10T08:02:57.674+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0173",
      "initial_release_date": "2024-01-22T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-01-22T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-05-09T22:00:00.000+00:00",
          "number": "2",
          "summary": "CVE-2024-23271 erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c17.3",
                "product": {
                  "name": "Apple Safari \u003c17.3",
                  "product_id": "T032282",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apple:safari:17.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Safari"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-23206",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple Safari. Diese Fehler bestehen in der Safari-Anwendung und in der WebKit-Komponente aufgrund einer unsachgem\u00e4\u00dfen Behandlung von Benutzereinstellungen, einer unsachgem\u00e4\u00dfen Zugriffsbeschr\u00e4nkung und eines Typverwechslungsproblems. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder um vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2024-01-22T23:00:00Z",
      "title": "CVE-2024-23206"
    },
    {
      "cve": "CVE-2024-23211",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple Safari. Diese Fehler bestehen in der Safari-Anwendung und in der WebKit-Komponente aufgrund einer unsachgem\u00e4\u00dfen Behandlung von Benutzereinstellungen, einer unsachgem\u00e4\u00dfen Zugriffsbeschr\u00e4nkung und eines Typverwechslungsproblems. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder um vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2024-01-22T23:00:00Z",
      "title": "CVE-2024-23211"
    },
    {
      "cve": "CVE-2024-23213",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple Safari. Diese Fehler bestehen in der Safari-Anwendung und in der WebKit-Komponente aufgrund einer unsachgem\u00e4\u00dfen Behandlung von Benutzereinstellungen, einer unsachgem\u00e4\u00dfen Zugriffsbeschr\u00e4nkung und eines Typverwechslungsproblems. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder um vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2024-01-22T23:00:00Z",
      "title": "CVE-2024-23213"
    },
    {
      "cve": "CVE-2024-23222",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple Safari. Diese Fehler bestehen in der Safari-Anwendung und in der WebKit-Komponente aufgrund einer unsachgem\u00e4\u00dfen Behandlung von Benutzereinstellungen, einer unsachgem\u00e4\u00dfen Zugriffsbeschr\u00e4nkung und eines Typverwechslungsproblems. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder um vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2024-01-22T23:00:00Z",
      "title": "CVE-2024-23222"
    },
    {
      "cve": "CVE-2024-23271",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple Safari. Diese Fehler bestehen in der Safari-Anwendung und in der WebKit-Komponente aufgrund einer unsachgem\u00e4\u00dfen Behandlung von Benutzereinstellungen, einer unsachgem\u00e4\u00dfen Zugriffsbeschr\u00e4nkung und eines Typverwechslungsproblems. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder um vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2024-01-22T23:00:00Z",
      "title": "CVE-2024-23271"
    }
  ]
}

cve-2024-23222

Vulnerability from cvelistv5

Published

2024-01-23 00:25

Modified

2024-08-01 22:59

Severity ?

Summary

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.

References

▼	URL	Tags
	https://support.apple.com/en-us/HT214059
	https://support.apple.com/en-us/HT214055
	https://support.apple.com/en-us/HT214061
	https://support.apple.com/kb/HT214063
	https://support.apple.com/kb/HT214059
	https://support.apple.com/kb/HT214057
	https://support.apple.com/kb/HT214058
	https://support.apple.com/kb/HT214061
	https://support.apple.com/kb/HT214055
	https://support.apple.com/kb/HT214056

Impacted products

▼	Vendor	Product
	Apple	iOS and iPadOS
	Apple	tvOS
	Apple	macOS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.056Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214059"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214055"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214061"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214063"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214059"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214057"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214058"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214061"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214055"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214056"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-08T01:36:17.423Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT214059"
        },
        {
          "url": "https://support.apple.com/en-us/HT214055"
        },
        {
          "url": "https://support.apple.com/en-us/HT214061"
        },
        {
          "url": "https://support.apple.com/kb/HT214063"
        },
        {
          "url": "https://support.apple.com/kb/HT214059"
        },
        {
          "url": "https://support.apple.com/kb/HT214057"
        },
        {
          "url": "https://support.apple.com/kb/HT214058"
        },
        {
          "url": "https://support.apple.com/kb/HT214061"
        },
        {
          "url": "https://support.apple.com/kb/HT214055"
        },
        {
          "url": "https://support.apple.com/kb/HT214056"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-23222",
    "datePublished": "2024-01-23T00:25:37.095Z",
    "dateReserved": "2024-01-12T22:22:21.478Z",
    "dateUpdated": "2024-08-01T22:59:32.056Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23211

Vulnerability from cvelistv5

Published

2024-01-23 00:25

Modified

2024-08-01 22:59

Severity ?

Summary

A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings.

References

▼	URL	Tags
	https://support.apple.com/en-us/HT214059
	https://support.apple.com/en-us/HT214063
	https://support.apple.com/en-us/HT214056
	https://support.apple.com/en-us/HT214060
	https://support.apple.com/en-us/HT214061
	http://seclists.org/fulldisclosure/2024/Jan/27
	http://seclists.org/fulldisclosure/2024/Jan/33
	http://seclists.org/fulldisclosure/2024/Jan/36
	http://seclists.org/fulldisclosure/2024/Jan/34
	http://seclists.org/fulldisclosure/2024/Jan/39

Impacted products

▼	Vendor	Product
	Apple	iOS and iPadOS
	Apple	iOS and iPadOS
	Apple	Safari
	Apple	watchOS
	Apple	macOS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.037Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214059"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214063"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214056"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214060"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214061"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/27"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/33"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/36"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/34"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/39"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "10.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user\u0027s private browsing activity may be visible in Settings."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A user\u0027s private browsing activity may be visible in Settings",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-23T00:25:20.675Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT214059"
        },
        {
          "url": "https://support.apple.com/en-us/HT214063"
        },
        {
          "url": "https://support.apple.com/en-us/HT214056"
        },
        {
          "url": "https://support.apple.com/en-us/HT214060"
        },
        {
          "url": "https://support.apple.com/en-us/HT214061"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/27"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/33"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/36"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/34"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/39"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-23211",
    "datePublished": "2024-01-23T00:25:20.675Z",
    "dateReserved": "2024-01-12T22:22:21.476Z",
    "dateUpdated": "2024-08-01T22:59:32.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23271

Vulnerability from cvelistv5

Published

2024-04-24 16:43

Modified

2024-08-01 22:59

Severity ?

7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.

References

▼	URL	Tags
	https://support.apple.com/en-us/HT214059
	https://support.apple.com/en-us/HT214055
	https://support.apple.com/en-us/HT214056
	https://support.apple.com/en-us/HT214060
	https://support.apple.com/en-us/HT214061
	https://support.apple.com/kb/HT214060
	https://support.apple.com/kb/HT214059
	https://support.apple.com/kb/HT214061
	https://support.apple.com/kb/HT214055
	https://support.apple.com/kb/HT214056

Impacted products

▼	Vendor	Product
	Apple	iOS and iPadOS
	Apple	tvOS
	Apple	Safari
	Apple	watchOS
	Apple	macOS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ios",
            "vendor": "apple",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23271",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-01T17:21:25.656286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:45:53.010Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.112Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214059"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214055"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214056"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214060"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214061"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214060"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214059"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214061"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214055"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214056"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "10.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A malicious website may cause unexpected cross-origin behavior",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-24T16:43:43.625Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT214059"
        },
        {
          "url": "https://support.apple.com/en-us/HT214055"
        },
        {
          "url": "https://support.apple.com/en-us/HT214056"
        },
        {
          "url": "https://support.apple.com/en-us/HT214060"
        },
        {
          "url": "https://support.apple.com/en-us/HT214061"
        },
        {
          "url": "https://support.apple.com/kb/HT214060"
        },
        {
          "url": "https://support.apple.com/kb/HT214059"
        },
        {
          "url": "https://support.apple.com/kb/HT214061"
        },
        {
          "url": "https://support.apple.com/kb/HT214055"
        },
        {
          "url": "https://support.apple.com/kb/HT214056"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-23271",
    "datePublished": "2024-04-24T16:43:43.625Z",
    "dateReserved": "2024-01-12T22:22:21.498Z",
    "dateUpdated": "2024-08-01T22:59:32.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23206

Vulnerability from cvelistv5

Published

2024-01-23 00:25

Modified

2024-08-01 22:59

Severity ?

Summary

An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user.

References

▼	URL	Tags
	https://support.apple.com/en-us/HT214059
	https://support.apple.com/en-us/HT214063
	https://support.apple.com/en-us/HT214055
	https://support.apple.com/en-us/HT214056
	https://support.apple.com/en-us/HT214060
	https://support.apple.com/en-us/HT214061
	https://support.apple.com/kb/HT214060
	https://support.apple.com/kb/HT214063
	https://support.apple.com/kb/HT214059
	https://support.apple.com/kb/HT214061
	https://support.apple.com/kb/HT214055
	https://support.apple.com/kb/HT214056
	http://seclists.org/fulldisclosure/2024/Jan/27
	http://seclists.org/fulldisclosure/2024/Jan/33
	http://seclists.org/fulldisclosure/2024/Jan/36
	http://seclists.org/fulldisclosure/2024/Jan/34
	http://seclists.org/fulldisclosure/2024/Jan/39
	http://seclists.org/fulldisclosure/2024/Jan/40
	http://www.openwall.com/lists/oss-security/2024/02/05/8
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/

Impacted products

▼	Vendor	Product
	Apple	iOS and iPadOS
	Apple	iOS and iPadOS
	Apple	tvOS
	Apple	Safari
	Apple	watchOS
	Apple	macOS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.757Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214059"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214063"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214055"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214056"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214060"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214061"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214060"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214063"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214059"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214061"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214055"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214056"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/27"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/33"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/36"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/34"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/39"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/40"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/02/05/8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "10.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A maliciously crafted webpage may be able to fingerprint the user",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-23T00:25:22.555Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT214059"
        },
        {
          "url": "https://support.apple.com/en-us/HT214063"
        },
        {
          "url": "https://support.apple.com/en-us/HT214055"
        },
        {
          "url": "https://support.apple.com/en-us/HT214056"
        },
        {
          "url": "https://support.apple.com/en-us/HT214060"
        },
        {
          "url": "https://support.apple.com/en-us/HT214061"
        },
        {
          "url": "https://support.apple.com/kb/HT214060"
        },
        {
          "url": "https://support.apple.com/kb/HT214063"
        },
        {
          "url": "https://support.apple.com/kb/HT214059"
        },
        {
          "url": "https://support.apple.com/kb/HT214061"
        },
        {
          "url": "https://support.apple.com/kb/HT214055"
        },
        {
          "url": "https://support.apple.com/kb/HT214056"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/27"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/33"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/36"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/34"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/39"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/40"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/02/05/8"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-23206",
    "datePublished": "2024-01-23T00:25:22.555Z",
    "dateReserved": "2024-01-12T22:22:21.476Z",
    "dateUpdated": "2024-08-01T22:59:31.757Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23213

Vulnerability from cvelistv5

Published

2024-01-23 00:25

Modified

2024-08-01 22:59

Severity ?

Summary

The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution.

References

▼	URL	Tags
	https://support.apple.com/en-us/HT214059
	https://support.apple.com/en-us/HT214063
	https://support.apple.com/en-us/HT214055
	https://support.apple.com/en-us/HT214056
	https://support.apple.com/en-us/HT214060
	https://support.apple.com/en-us/HT214061
	https://support.apple.com/kb/HT214060
	https://support.apple.com/kb/HT214063
	https://support.apple.com/kb/HT214059
	https://support.apple.com/kb/HT214061
	https://support.apple.com/kb/HT214055
	https://support.apple.com/kb/HT214056
	http://seclists.org/fulldisclosure/2024/Jan/27
	http://seclists.org/fulldisclosure/2024/Jan/33
	http://seclists.org/fulldisclosure/2024/Jan/36
	http://seclists.org/fulldisclosure/2024/Jan/34
	http://seclists.org/fulldisclosure/2024/Jan/39
	http://seclists.org/fulldisclosure/2024/Jan/40
	http://www.openwall.com/lists/oss-security/2024/02/05/8
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/

Impacted products

▼	Vendor	Product
	Apple	iOS and iPadOS
	Apple	iOS and iPadOS
	Apple	tvOS
	Apple	Safari
	Apple	watchOS
	Apple	macOS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214059"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214063"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214055"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214056"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214060"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214061"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214060"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214063"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214059"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214061"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214055"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214056"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/27"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/33"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/36"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/34"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/39"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/40"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/02/05/8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "10.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing web content may lead to arbitrary code execution",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-23T00:25:24.505Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT214059"
        },
        {
          "url": "https://support.apple.com/en-us/HT214063"
        },
        {
          "url": "https://support.apple.com/en-us/HT214055"
        },
        {
          "url": "https://support.apple.com/en-us/HT214056"
        },
        {
          "url": "https://support.apple.com/en-us/HT214060"
        },
        {
          "url": "https://support.apple.com/en-us/HT214061"
        },
        {
          "url": "https://support.apple.com/kb/HT214060"
        },
        {
          "url": "https://support.apple.com/kb/HT214063"
        },
        {
          "url": "https://support.apple.com/kb/HT214059"
        },
        {
          "url": "https://support.apple.com/kb/HT214061"
        },
        {
          "url": "https://support.apple.com/kb/HT214055"
        },
        {
          "url": "https://support.apple.com/kb/HT214056"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/27"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/33"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/36"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/34"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/39"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/40"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/02/05/8"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-23213",
    "datePublished": "2024-01-23T00:25:24.505Z",
    "dateReserved": "2024-01-12T22:22:21.477Z",
    "dateUpdated": "2024-08-01T22:59:31.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

wid-sec-w-2024-0173

Vulnerability from csaf_certbund

cve-2024-23222

Vulnerability from cvelistv5

cve-2024-23211

Vulnerability from cvelistv5

cve-2024-23271

Vulnerability from cvelistv5

cve-2024-23206

Vulnerability from cvelistv5

cve-2024-23213

Vulnerability from cvelistv5

Tags