ByteOS Network

Vulnerability Details :

CVE-2024-23263

Assigner-apple

Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c

Published At-08 Mar, 2024 | 01:36

Updated At-13 Feb, 2025 | 17:39

A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:apple

Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c

Published At:08 Mar, 2024 | 01:36

Updated At:13 Feb, 2025 | 17:39

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

Apple Inc.

Product

visionOS

Versions

Affected

From unspecified before 1.1 (custom)

Vendor

Apple Inc.

Product

tvOS

Versions

Affected

From unspecified before 17.4 (custom)

Vendor

Apple Inc.

Product

iOS and iPadOS

Versions

Affected

From unspecified before 17.4 (custom)

Vendor

Apple Inc.

Product

iOS and iPadOS

Versions

Affected

From unspecified before 16.7 (custom)

Vendor

Apple Inc.

Product

Safari

Versions

Affected

From unspecified before 17.4 (custom)

Vendor

Apple Inc.

Product

macOS

Versions

Affected

From unspecified before 14.4 (custom)

Vendor

Apple Inc.

Product

watchOS

Versions

Affected

From unspecified before 10.4 (custom)

Problem Types

Type	CWE ID	Description
N/A	N/A	Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Type: N/A

CWE ID: N/A

Description: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

References

Hyperlink	Resource
https://support.apple.com/en-us/HT214087	N/A
https://support.apple.com/en-us/HT214086	N/A
https://support.apple.com/en-us/HT214081	N/A
https://support.apple.com/en-us/HT214082	N/A
https://support.apple.com/en-us/HT214089	N/A
https://support.apple.com/en-us/HT214084	N/A
https://support.apple.com/en-us/HT214088	N/A
http://seclists.org/fulldisclosure/2024/Mar/20	N/A
http://seclists.org/fulldisclosure/2024/Mar/21	N/A
http://seclists.org/fulldisclosure/2024/Mar/25	N/A
http://seclists.org/fulldisclosure/2024/Mar/24	N/A
http://seclists.org/fulldisclosure/2024/Mar/26	N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/	N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/	N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/	N/A
http://www.openwall.com/lists/oss-security/2024/03/26/1	N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/	N/A

Hyperlink: https://support.apple.com/en-us/HT214087

Resource: N/A

Hyperlink: https://support.apple.com/en-us/HT214086

Resource: N/A

Hyperlink: https://support.apple.com/en-us/HT214081

Resource: N/A

Hyperlink: https://support.apple.com/en-us/HT214082

Resource: N/A

Hyperlink: https://support.apple.com/en-us/HT214089

Resource: N/A

Hyperlink: https://support.apple.com/en-us/HT214084

Resource: N/A

Hyperlink: https://support.apple.com/en-us/HT214088

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/20

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/21

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/25

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/24

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/26

Resource: N/A

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/

Resource: N/A

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/

Resource: N/A

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/

Resource: N/A

Hyperlink: http://www.openwall.com/lists/oss-security/2024/03/26/1

Resource: N/A

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Affected Products

Vendor

Apple Inc.

Product

visionos

CPEs

cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*

Default Status

affected

Versions

Affected

From 0 before 1.1 (semver)

Vendor

Apple Inc.

Product

tvos

CPEs

cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*

Default Status

affected

Versions

Affected

From 0 before 17.4 (semver)

Vendor

Apple Inc.

Product

iphone_os

CPEs

cpe:2.3:o:apple:iphone_os:16.7:*:*:*:*:*:*:*

Default Status

affected

Versions

Affected

From 16.7 before 16.7.6 (semver)

Vendor

Apple Inc.

Product

ipad_os

CPEs

cpe:2.3:o:apple:ipad_os:16.7:*:*:*:*:*:*:*

Default Status

affected

Versions

Affected

From 16.7 before 16.7.6 (semver)

Vendor

Apple Inc.

Product

iphone_os

CPEs

cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*

Default Status

affected

Versions

Affected

From 17.0 before 17.4 (semver)

Vendor

Apple Inc.

Product

ipad_os

CPEs

cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*

Default Status

affected

Versions

Affected

From 17.0 before 17.4 (semver)

Vendor

Apple Inc.

Product

macos

CPEs

cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*

Default Status

affected

Versions

Affected

From 14.0 before 14.4 (semver)

Vendor

Apple Inc.

Product

watchos

CPEs

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 10.4 (semver)

Vendor

webkitgtk

Product

webkitgtk

CPEs

cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*

Default Status

affected

Versions

Affected

From 0 before 2.45.2 (semver)

Vendor

Apple Inc.

Product

safari

CPEs

cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*

Default Status

affected

Versions

Affected

From 0 before 17.4 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-20	CWE-20 Improper Input Validation

Type: CWE

CWE ID: CWE-20

Description: CWE-20 Improper Input Validation

Metrics

Version	Base score	Base severity	Vector
3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://support.apple.com/en-us/HT214087	x_transferred
https://support.apple.com/en-us/HT214086	x_transferred
https://support.apple.com/en-us/HT214081	x_transferred
https://support.apple.com/en-us/HT214082	x_transferred
https://support.apple.com/en-us/HT214089	x_transferred
https://support.apple.com/en-us/HT214084	x_transferred
https://support.apple.com/en-us/HT214088	x_transferred
http://seclists.org/fulldisclosure/2024/Mar/20	x_transferred
http://seclists.org/fulldisclosure/2024/Mar/21	x_transferred
http://seclists.org/fulldisclosure/2024/Mar/25	x_transferred
http://seclists.org/fulldisclosure/2024/Mar/24	x_transferred
http://seclists.org/fulldisclosure/2024/Mar/26	x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/	x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/	x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/	x_transferred
http://www.openwall.com/lists/oss-security/2024/03/26/1	x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/	x_transferred

Hyperlink: https://support.apple.com/en-us/HT214087

Resource:

x_transferred

Hyperlink: https://support.apple.com/en-us/HT214086

Resource:

x_transferred

Hyperlink: https://support.apple.com/en-us/HT214081

Resource:

x_transferred

Hyperlink: https://support.apple.com/en-us/HT214082

Resource:

x_transferred

Hyperlink: https://support.apple.com/en-us/HT214089

Resource:

x_transferred

Hyperlink: https://support.apple.com/en-us/HT214084

Resource:

x_transferred

Hyperlink: https://support.apple.com/en-us/HT214088

Resource:

x_transferred

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/20

Resource:

x_transferred

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/21

Resource:

x_transferred

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/25

Resource:

x_transferred

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/24

Resource:

x_transferred

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/26

Resource:

x_transferred

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/

Resource:

x_transferred

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/

Resource:

x_transferred

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/

Resource:

x_transferred

Hyperlink: http://www.openwall.com/lists/oss-security/2024/03/26/1

Resource:

x_transferred

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/

Resource:

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:product-security@apple.com

Published At:08 Mar, 2024 | 02:15

Updated At:09 Dec, 2024 | 14:55

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Secondary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CPE Matches

Apple Inc.

>>safari>>Versions before 17.4(exclusive)

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Apple Inc.

>>ipados>>Versions before 16.7.6(exclusive)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Apple Inc.

>>ipados>>Versions from 17.0(inclusive) to 17.4(exclusive)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Apple Inc.

>>iphone_os>>Versions before 16.7.6(exclusive)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Apple Inc.

>>iphone_os>>Versions from 17.0(inclusive) to 17.4(exclusive)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Apple Inc.

>>macos>>Versions from 14.0(inclusive) to 14.4(exclusive)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Apple Inc.

>>tvos>>Versions before 17.4(exclusive)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Apple Inc.

>>visionos>>Versions before 1.1(exclusive)

cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*

Apple Inc.

>>watchos>>Versions before 10.4(exclusive)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

webkitgtk>>webkitgtk>>Versions before 2.44.0(exclusive)

cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*

wpewebkit>>wpe_webkit>>Versions before 2.44.0(exclusive)

cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*

Fedora Project

>>fedora>>38

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Fedora Project

>>fedora>>39

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Fedora Project

>>fedora>>40

cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-20	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-20

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
http://seclists.org/fulldisclosure/2024/Mar/20	product-security@apple.com	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/21	product-security@apple.com	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/24	product-security@apple.com	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/25	product-security@apple.com	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/26	product-security@apple.com	Mailing List
http://www.openwall.com/lists/oss-security/2024/03/26/1	product-security@apple.com	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/	product-security@apple.com	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/	product-security@apple.com	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/	product-security@apple.com	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/	product-security@apple.com	Mailing List
https://support.apple.com/en-us/HT214081	product-security@apple.com	Vendor Advisory
https://support.apple.com/en-us/HT214082	product-security@apple.com	Vendor Advisory
https://support.apple.com/en-us/HT214084	product-security@apple.com	Vendor Advisory
https://support.apple.com/en-us/HT214086	product-security@apple.com	Vendor Advisory
https://support.apple.com/en-us/HT214087	product-security@apple.com	Vendor Advisory
https://support.apple.com/en-us/HT214088	product-security@apple.com	Vendor Advisory
https://support.apple.com/en-us/HT214089	product-security@apple.com	Vendor Advisory
http://seclists.org/fulldisclosure/2024/Mar/20	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/21	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/24	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/25	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://seclists.org/fulldisclosure/2024/Mar/26	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://www.openwall.com/lists/oss-security/2024/03/26/1	af854a3a-2127-422b-91ae-364da2661108	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/	af854a3a-2127-422b-91ae-364da2661108	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/	af854a3a-2127-422b-91ae-364da2661108	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/	af854a3a-2127-422b-91ae-364da2661108	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/	af854a3a-2127-422b-91ae-364da2661108	Mailing List
https://support.apple.com/en-us/HT214081	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/en-us/HT214082	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/en-us/HT214084	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/en-us/HT214086	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/en-us/HT214087	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/en-us/HT214088	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/en-us/HT214089	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/20

Source: product-security@apple.com

Resource:

Mailing List

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/21

Source: product-security@apple.com

Resource:

Mailing List

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/24

Source: product-security@apple.com

Resource:

Mailing List

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/25

Source: product-security@apple.com

Resource:

Mailing List

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/26

Source: product-security@apple.com

Resource:

Mailing List

Hyperlink: http://www.openwall.com/lists/oss-security/2024/03/26/1

Source: product-security@apple.com

Resource:

Mailing List

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/

Source: product-security@apple.com

Resource:

Mailing List

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/

Source: product-security@apple.com

Resource:

Mailing List

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/

Source: product-security@apple.com

Resource:

Mailing List

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/

Source: product-security@apple.com

Resource:

Mailing List

Hyperlink: https://support.apple.com/en-us/HT214081

Source: product-security@apple.com

Resource:

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT214082

Source: product-security@apple.com

Resource:

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT214084

Source: product-security@apple.com

Resource:

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT214086

Source: product-security@apple.com

Resource:

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT214087

Source: product-security@apple.com

Resource:

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT214088

Source: product-security@apple.com

Resource:

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT214089

Source: product-security@apple.com

Resource:

Vendor Advisory

Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/20