CVE-2024-23218

A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2024/Jan/33	Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/36	Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/39	Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/40	Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/22
http://seclists.org/fulldisclosure/2024/Mar/23
https://support.apple.com/en-us/HT214055	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214059	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214060	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214061	Release Notes Vendor Advisory
https://support.apple.com/kb/HT214082
https://support.apple.com/kb/HT214083
https://support.apple.com/kb/HT214085

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

13 Mar 2024, 23:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Mar/23 -

13 Mar 2024, 22:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Mar/22 -

07 Mar 2024, 19:15

Type	Values Removed	Values Added
References		() https://support.apple.com/kb/HT214082 - () https://support.apple.com/kb/HT214083 - () https://support.apple.com/kb/HT214085 -

30 Jan 2024, 17:56

Type	Values Removed	Values Added
First Time		Apple iphone Os Apple watchos Apple Apple macos Apple tvos Apple ipados
CWE		CWE-203
References	~~() https://support.apple.com/en-us/HT214059 -~~	() https://support.apple.com/en-us/HT214059 - Release Notes, Vendor Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/39 -~~	() http://seclists.org/fulldisclosure/2024/Jan/39 - Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/36 -~~	() http://seclists.org/fulldisclosure/2024/Jan/36 - Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/33 -~~	() http://seclists.org/fulldisclosure/2024/Jan/33 - Third Party Advisory
References	~~() https://support.apple.com/en-us/HT214061 -~~	() https://support.apple.com/en-us/HT214061 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214055 -~~	() https://support.apple.com/en-us/HT214055 - Release Notes, Vendor Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/40 -~~	() http://seclists.org/fulldisclosure/2024/Jan/40 - Third Party Advisory
References	~~() https://support.apple.com/en-us/HT214060 -~~	() https://support.apple.com/en-us/HT214060 - Release Notes, Vendor Advisory
CPE		cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:watchos:::::::: cpe:2.3:o:apple:tvos::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.9

26 Jan 2024, 18:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Jan/39 - () http://seclists.org/fulldisclosure/2024/Jan/36 - () http://seclists.org/fulldisclosure/2024/Jan/33 - () http://seclists.org/fulldisclosure/2024/Jan/40 -

23 Jan 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-23 01:15

Updated : 2024-03-13 23:15

NVD link : CVE-2024-23218

Mitre link : CVE-2024-23218

CVE.ORG link : CVE-2024-23218

JSON object : View

Products Affected

apple

watchos
macos
tvos
ipados
iphone_os

CWE

CWE-203

Observable Discrepancy

5.9 /10