CVE-2024-23204

The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2024/Jan/33	Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/36	Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/39	Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/22
http://seclists.org/fulldisclosure/2024/Mar/23
https://support.apple.com/en-us/HT214059	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214060	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214061	Release Notes Vendor Advisory
https://support.apple.com/kb/HT214082
https://support.apple.com/kb/HT214083
https://support.apple.com/kb/HT214085

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

13 Mar 2024, 23:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Mar/22 - () http://seclists.org/fulldisclosure/2024/Mar/23 -

07 Mar 2024, 19:15

Type	Values Removed	Values Added
References		() https://support.apple.com/kb/HT214082 - () https://support.apple.com/kb/HT214083 - () https://support.apple.com/kb/HT214085 -

26 Jan 2024, 21:15

Type	Values Removed	Values Added
CPE		cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:watchos::::::::
References	~~() https://support.apple.com/en-us/HT214061 -~~	() https://support.apple.com/en-us/HT214061 - Release Notes, Vendor Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/36 -~~	() http://seclists.org/fulldisclosure/2024/Jan/36 - Third Party Advisory
References	~~() https://support.apple.com/en-us/HT214059 -~~	() https://support.apple.com/en-us/HT214059 - Release Notes, Vendor Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/33 -~~	() http://seclists.org/fulldisclosure/2024/Jan/33 - Third Party Advisory
References	~~() https://support.apple.com/en-us/HT214060 -~~	() https://support.apple.com/en-us/HT214060 - Release Notes, Vendor Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/39 -~~	() http://seclists.org/fulldisclosure/2024/Jan/39 - Third Party Advisory
CWE		NVD-CWE-noinfo
First Time		Apple watchos Apple Apple iphone Os Apple ipados Apple macos
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

26 Jan 2024, 18:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Jan/36 - () http://seclists.org/fulldisclosure/2024/Jan/33 - () http://seclists.org/fulldisclosure/2024/Jan/39 -

23 Jan 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-23 01:15

Updated : 2024-03-13 23:15

NVD link : CVE-2024-23204

Mitre link : CVE-2024-23204

CVE.ORG link : CVE-2024-23204

JSON object : View

Products Affected

apple

macos
ipados
iphone_os
watchos

CWE

NVD-CWE-noinfo

7.5 /10