CVE-2024-23204

CVSS 7.5 HIGHEPSS 1.8%

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.5EPSS 1.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

23 ene 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The issue was addressed with additional permissions checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, watchOS 10.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Productos afectados

Apple · iOS and iPadOS Apple · macOS Apple · watchOS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://seclists.org/fulldisclosure/2024/Jan/33 http://seclists.org/fulldisclosure/2024/Jan/36 http://seclists.org/fulldisclosure/2024/Jan/39 http://seclists.org/fulldisclosure/2024/Mar/22 http://seclists.org/fulldisclosure/2024/Mar/23 https://support.apple.com/en-us/120304 https://support.apple.com/en-us/120306 https://support.apple.com/en-us/120309 https://support.apple.com/en-us/120880 https://support.apple.com/en-us/120884 https://support.apple.com/en-us/120886 https://support.apple.com/en-us/HT214059