ByteOS Network

Vulnerability Details :

CVE-2024-23254

Assigner-apple

Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c

Published At-08 Mar, 2024 | 01:36

Updated At-13 Feb, 2025 | 17:34

The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:apple

Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c

Published At:08 Mar, 2024 | 01:36

Updated At:13 Feb, 2025 | 17:34

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

Apple Inc.

Product

visionOS

Versions

Affected

From unspecified before 1.1 (custom)

Vendor

Apple Inc.

Product

tvOS

Versions

Affected

From unspecified before 17.4 (custom)

Vendor

Apple Inc.

Product

iOS and iPadOS

Versions

Affected

From unspecified before 17.4 (custom)

Vendor

Apple Inc.

Product

Safari

Versions

Affected

From unspecified before 17.4 (custom)

Vendor

Apple Inc.

Product

macOS

Versions

Affected

From unspecified before 14.4 (custom)

Vendor

Apple Inc.

Product

watchOS

Versions

Affected

From unspecified before 10.4 (custom)

Problem Types

Type	CWE ID	Description
N/A	N/A	A malicious website may exfiltrate audio data cross-origin

Type: N/A

CWE ID: N/A

Description: A malicious website may exfiltrate audio data cross-origin

References

Hyperlink	Resource
https://support.apple.com/en-us/HT214087	N/A
https://support.apple.com/en-us/HT214086	N/A
https://support.apple.com/en-us/HT214081	N/A
https://support.apple.com/en-us/HT214089	N/A
https://support.apple.com/en-us/HT214084	N/A
https://support.apple.com/en-us/HT214088	N/A
http://seclists.org/fulldisclosure/2024/Mar/20	N/A
http://seclists.org/fulldisclosure/2024/Mar/21	N/A
http://seclists.org/fulldisclosure/2024/Mar/25	N/A
http://seclists.org/fulldisclosure/2024/Mar/24	N/A
http://seclists.org/fulldisclosure/2024/Mar/26	N/A
http://www.openwall.com/lists/oss-security/2024/03/26/1	N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/	N/A

Hyperlink: https://support.apple.com/en-us/HT214087

Resource: N/A

Hyperlink: https://support.apple.com/en-us/HT214086

Resource: N/A

Hyperlink: https://support.apple.com/en-us/HT214081

Resource: N/A

Hyperlink: https://support.apple.com/en-us/HT214089

Resource: N/A

Hyperlink: https://support.apple.com/en-us/HT214084

Resource: N/A

Hyperlink: https://support.apple.com/en-us/HT214088

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/20

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/21

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/25

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/24

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/26

Resource: N/A

Hyperlink: http://www.openwall.com/lists/oss-security/2024/03/26/1

Resource: N/A

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-noinfo	CWE-noinfo Not enough information

Type: CWE

CWE ID: CWE-noinfo

Description: CWE-noinfo Not enough information

Metrics

Version	Base score	Base severity	Vector
3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://support.apple.com/en-us/HT214087	x_transferred
https://support.apple.com/en-us/HT214086	x_transferred
https://support.apple.com/en-us/HT214081	x_transferred
https://support.apple.com/en-us/HT214089	x_transferred
https://support.apple.com/en-us/HT214084	x_transferred
https://support.apple.com/en-us/HT214088	x_transferred
http://seclists.org/fulldisclosure/2024/Mar/20	x_transferred
http://seclists.org/fulldisclosure/2024/Mar/21	x_transferred
http://seclists.org/fulldisclosure/2024/Mar/25	x_transferred
http://seclists.org/fulldisclosure/2024/Mar/24	x_transferred
http://seclists.org/fulldisclosure/2024/Mar/26	x_transferred
http://www.openwall.com/lists/oss-security/2024/03/26/1	x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/	x_transferred

Hyperlink: https://support.apple.com/en-us/HT214087

Resource:

x_transferred

Hyperlink: https://support.apple.com/en-us/HT214086

Resource:

x_transferred

Hyperlink: https://support.apple.com/en-us/HT214081

Resource:

x_transferred

Hyperlink: https://support.apple.com/en-us/HT214089

Resource:

x_transferred

Hyperlink: https://support.apple.com/en-us/HT214084

Resource:

x_transferred

Hyperlink: https://support.apple.com/en-us/HT214088

Resource:

x_transferred

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/20

Resource:

x_transferred

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/21

Resource:

x_transferred

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/25

Resource:

x_transferred

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/24

Resource:

x_transferred

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/26

Resource:

x_transferred

Hyperlink: http://www.openwall.com/lists/oss-security/2024/03/26/1

Resource:

x_transferred

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/

Resource:

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:product-security@apple.com

Published At:08 Mar, 2024 | 02:15

Updated At:06 Dec, 2024 | 02:54

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CPE Matches

Apple Inc.

>>safari>>Versions before 17.4(exclusive)

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Apple Inc.

>>ipad_os>>Versions before 17.4(exclusive)

cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*

Apple Inc.

>>iphone_os>>Versions before 17.4(exclusive)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Apple Inc.

>>macos>>Versions before 14.4(exclusive)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Apple Inc.

>>tvos>>Versions before 17.4(exclusive)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Apple Inc.

>>visionos>>Versions before 1.1(exclusive)

cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*

Apple Inc.

>>watchos>>Versions before 10.4(exclusive)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Fedora Project

>>fedora>>40

cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*

webkitgtk>>webkitgtk>>Versions before 2.44.0(exclusive)

cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*

wpewebkit>>wpe_webkit>>Versions before 2.44.0(exclusive)

cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://seclists.org/fulldisclosure/2024/Mar/20	product-security@apple.com	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/21	product-security@apple.com	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/24	product-security@apple.com	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/25	product-security@apple.com	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/26	product-security@apple.com	Mailing List
http://www.openwall.com/lists/oss-security/2024/03/26/1	product-security@apple.com	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/	product-security@apple.com	Mailing List
https://support.apple.com/en-us/HT214081	product-security@apple.com	Vendor Advisory
https://support.apple.com/en-us/HT214084	product-security@apple.com	Vendor Advisory
https://support.apple.com/en-us/HT214086	product-security@apple.com	Vendor Advisory
https://support.apple.com/en-us/HT214087	product-security@apple.com	Vendor Advisory
https://support.apple.com/en-us/HT214088	product-security@apple.com	Vendor Advisory
https://support.apple.com/en-us/HT214089	product-security@apple.com	Vendor Advisory
http://seclists.org/fulldisclosure/2024/Mar/20	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/21	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/24	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/25	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/26	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://www.openwall.com/lists/oss-security/2024/03/26/1	af854a3a-2127-422b-91ae-364da2661108	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/	af854a3a-2127-422b-91ae-364da2661108	Mailing List
https://support.apple.com/en-us/HT214081	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/en-us/HT214084	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/en-us/HT214086	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/en-us/HT214087	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/en-us/HT214088	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/en-us/HT214089	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/20

Source: product-security@apple.com

Resource:

Mailing List

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/21

Source: product-security@apple.com

Resource:

Mailing List

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/24

Source: product-security@apple.com

Resource:

Mailing List

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/25

Source: product-security@apple.com

Resource:

Mailing List

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/26

Source: product-security@apple.com

Resource:

Mailing List

Hyperlink: http://www.openwall.com/lists/oss-security/2024/03/26/1

Source: product-security@apple.com

Resource:

Mailing List

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/

Source: product-security@apple.com

Resource:

Mailing List

Hyperlink: https://support.apple.com/en-us/HT214081

Source: product-security@apple.com

Resource:

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT214084

Source: product-security@apple.com

Resource:

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT214086

Source: product-security@apple.com

Resource:

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT214087

Source: product-security@apple.com

Resource:

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT214088

Source: product-security@apple.com

Resource:

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT214089

Source: product-security@apple.com

Resource:

Vendor Advisory

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/20