Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-40832

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-29 Jul, 2024 | 22:17
Updated At-02 Apr, 2026 | 18:23
Rejected At-
Credits

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:29 Jul, 2024 | 22:17
Updated At:02 Apr, 2026 | 18:23
Rejected At:
▼CVE Numbering Authority (CNA)

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs.

Affected Products
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From 0 before 14.6 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AAn app may be able to view a contact's phone number in system logs
Type: N/A
CWE ID: N/A
Description: An app may be able to view a contact's phone number in system logs
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/120911
N/A
Hyperlink: https://support.apple.com/en-us/120911
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-922CWE-922 Insecure Storage of Sensitive Information
Type: CWE
CWE ID: CWE-922
Description: CWE-922 Insecure Storage of Sensitive Information
Metrics
VersionBase scoreBase severityVector
3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT214119
x_transferred
http://seclists.org/fulldisclosure/2024/Jul/18
x_transferred
https://support.apple.com/kb/HT214119
N/A
Hyperlink: https://support.apple.com/en-us/HT214119
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2024/Jul/18
Resource:
x_transferred
Hyperlink: https://support.apple.com/kb/HT214119
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:29 Jul, 2024 | 23:15
Updated At:02 Apr, 2026 | 19:17

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Secondary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Apple Inc.
apple
>>macos>>Versions before 14.6(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-922Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-922
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.apple.com/en-us/120911product-security@apple.com
N/A
http://seclists.org/fulldisclosure/2024/Jul/18af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://support.apple.com/en-us/HT214119af854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214119af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://support.apple.com/en-us/120911
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2024/Jul/18
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://support.apple.com/en-us/HT214119
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/kb/HT214119
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

138Records found
CVE-2022-32876
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.07% / 21.84%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 22:40
Updated-09 Oct, 2024 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13. A shortcut may be able to view the hidden photos album without authentication.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2025-46276
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.02% / 5.68%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 20:56
Updated-02 Apr, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure issue was addressed with improved privacy controls. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSwatchOSiOS and iPadOSvisionOS
CVE-2025-43308
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.03% / 10.15%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 22:35
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-43395
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.02% / 3.62%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 01:16
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access protected user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-43538
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.01% / 0.90%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 20:56
Updated-02 Apr, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSwatchOSiOS and iPadOSvisionOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-43388
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.02% / 4.53%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 20:56
Updated-02 Apr, 2026 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An injection issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2025-43517
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.02% / 4.98%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 20:56
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-43516
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.02% / 4.19%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 20:56
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A session management issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. A user with Voice Control enabled may be able to transcribe another user's activity.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-384
Session Fixation
CVE-2022-22598
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.07% / 20.37%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 17:59
Updated-03 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 15.4 and iPadOS 15.4. An app may be able to learn information about the current camera view before being granted camera access.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CVE-2019-8857
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.07% / 20.37%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 20:07
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved validation when an iCloud Link is created. This issue is fixed in iOS 13.3 and iPadOS 13.3. Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CWE ID-CWE-20
Improper Input Validation
CVE-2019-8541
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.05% / 14.69%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchoswatchOSiOS
CVE-2019-8730
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.11% / 28.52%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-459
Incomplete Cleanup
CVE-2019-8809
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.07% / 21.40%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:51
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmac_os_xwatchOSmacOSiOStvOSiOS and iPadOS
CVE-2025-24141
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.04% / 13.58%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:46
Updated-02 Apr, 2026 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3. An attacker with physical access to an unlocked device may be able to access Photos while the app is locked.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-24090
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.01% / 0.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 17:06
Updated-02 Apr, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2023-5920
Matching Score-8
Assigner-Mattermost, Inc.
ShareView Details
Matching Score-8
Assigner-Mattermost, Inc.
CVSS Score-2.9||LOW
EPSS-0.08% / 23.07%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 08:34
Updated-27 Feb, 2025 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lack Of Secure Keyboard Entry Protection in MacOS Desktop

Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.

Action-Not Available
Vendor-Apple Inc.Mattermost, Inc.
Product-mattermost_desktopmacosMattermost Desktop
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-24069
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.10% / 26.36%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 00:00
Updated-02 Aug, 2024 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.

Action-Not Available
Vendor-signaln/asignalLinux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-signal-desktopwindowsmacoslinux_kerneln/asignal-desktop
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-37448
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.16% / 36.65%
||
7 Day CHG~0.00%
Published-26 Sep, 2023 | 20:14
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A lock screen issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. A user may be able to view restricted content from the lock screen.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2023-42823
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-2.7||LOW
EPSS-0.04% / 13.89%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 06:41
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was resolved by sanitizing logging This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-tvoswatchosipadosmacosiphone_oswatchOSiOS and iPadOStvOSmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-42878
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 6.53%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 06:41
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipad_osmacoswatchoswatchOSmacOSiOS and iPadOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-42839
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 6.30%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 06:41
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved state management. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-tvoswatchosipad_osmacosiphone_oswatchOSmacOStvOSiOS and iPadOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-42913
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.37% / 58.83%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 15:39
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-42840
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 6.30%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 06:41
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-32415
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.62%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 00:00
Updated-05 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadostvostvOSmacOSiOS and iPadOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-27942
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.36%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 00:00
Updated-29 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-ipadostvosiphone_oswatchosmacosiOS and iPadOSwatchOSmacOStvOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-44175
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.86%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-02 Apr, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-23542
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.36%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 00:00
Updated-29 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-23541
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.06% / 18.22%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 00:00
Updated-29 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-23522
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 30.10%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-11 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-54504
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.04%
||
7 Day CHG+0.04%
Published-11 Dec, 2024 | 22:58
Updated-02 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-54549
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.35%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:46
Updated-02 Apr, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-54541
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.36%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:45
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-54477
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.17%
||
7 Day CHG+0.01%
Published-11 Dec, 2024 | 22:58
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-54485
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.14%
||
7 Day CHG+0.02%
Published-11 Dec, 2024 | 22:59
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacOSiOS and iPadOSiPadOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-44200
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 28.26%
||
7 Day CHG+0.03%
Published-11 Dec, 2024 | 22:59
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to read sensitive location information.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacOSiOS and iPadOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-44216
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 12.29%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-44213
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.15% / 34.56%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An attacker in a privileged network position may be able to leak sensitive user information.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-44292
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.58%
||
7 Day CHG~0.00%
Published-20 Dec, 2024 | 04:06
Updated-02 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-44275
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.05% / 16.44%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:07
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-44263
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4||MEDIUM
EPSS-0.06% / 16.91%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:07
Updated-02 Apr, 2026 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-44298
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 22.76%
||
7 Day CHG~0.00%
Published-20 Dec, 2024 | 04:06
Updated-02 Apr, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access information about a user's contacts.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-44257
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 16.51%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2025-34189
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 16.88%
||
7 Day CHG~0.00%
Published-19 Sep, 2025 | 18:49
Updated-17 Nov, 2025 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vasion Print (formerly PrinterLogic) Insecure Inter-Process Communication Allows Local Session Hijacking

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request and response files inside /opt/PrinterInstallerClient/tmp with world-readable and world-writable permissions. Any local user can craft malicious request files that are processed by privileged daemons, leading to unauthorized actions being executed in other user sessions. This breaks user session isolation, potentially allowing local attackers to hijack sessions, perform unintended actions in the context of other users, and impact system integrity and availability. This vulnerability has been identified by the vendor as: V-2022-004 — Client Inter-process Security.

Action-Not Available
Vendor-vasionVasionLinux Kernel Organization, IncApple Inc.
Product-linux_kernelvirtual_appliance_applicationvirtual_appliance_hostmacosPrint Virtual Appliance HostPrint Application
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-44174
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 33.95%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-02 Apr, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An attacker may be able to view restricted content from the lock screen.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-20629
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.29%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 22:59
Updated-02 Apr, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2017-13909
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.27%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 19:48
Updated-05 Aug, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-27789
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 24.83%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 23:00
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Sonoma 14.4, macOS Ventura 13.6.7. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacosmacOSiOS and iPadOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-40813
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.11% / 28.33%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 22:17
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A lock screen issue was addressed with improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6. An attacker with physical access may be able to use Siri to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadoswatchOSiOS and iPadOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-23217
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.01% / 0.87%
||
7 Day CHG~0.00%
Published-23 Jan, 2024 | 00:25
Updated-02 Apr, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.5, watchOS 10.3. An app may be able to bypass certain Privacy preferences.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadosmacosmacOSwatchOSiOS and iPadOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-23290
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.65%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:35
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-tvoswatchosmacosiphone_osipadosmacOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found