CVE-2024-23218

A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

History

13 Mar 2024, 23:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Mar/23 -

13 Mar 2024, 22:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Mar/22 -

07 Mar 2024, 19:15

Type Values Removed Values Added
References
  • () https://support.apple.com/kb/HT214082 -
  • () https://support.apple.com/kb/HT214083 -
  • () https://support.apple.com/kb/HT214085 -

30 Jan 2024, 17:56

Type Values Removed Values Added
First Time Apple iphone Os
Apple watchos
Apple
Apple macos
Apple tvos
Apple ipados
CWE CWE-203
References () https://support.apple.com/en-us/HT214059 - () https://support.apple.com/en-us/HT214059 - Release Notes, Vendor Advisory
References () http://seclists.org/fulldisclosure/2024/Jan/39 - () http://seclists.org/fulldisclosure/2024/Jan/39 - Third Party Advisory
References () http://seclists.org/fulldisclosure/2024/Jan/36 - () http://seclists.org/fulldisclosure/2024/Jan/36 - Third Party Advisory
References () http://seclists.org/fulldisclosure/2024/Jan/33 - () http://seclists.org/fulldisclosure/2024/Jan/33 - Third Party Advisory
References () https://support.apple.com/en-us/HT214061 - () https://support.apple.com/en-us/HT214061 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/HT214055 - () https://support.apple.com/en-us/HT214055 - Release Notes, Vendor Advisory
References () http://seclists.org/fulldisclosure/2024/Jan/40 - () http://seclists.org/fulldisclosure/2024/Jan/40 - Third Party Advisory
References () https://support.apple.com/en-us/HT214060 - () https://support.apple.com/en-us/HT214060 - Release Notes, Vendor Advisory
CPE cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.9

26 Jan 2024, 18:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jan/39 -
  • () http://seclists.org/fulldisclosure/2024/Jan/36 -
  • () http://seclists.org/fulldisclosure/2024/Jan/33 -
  • () http://seclists.org/fulldisclosure/2024/Jan/40 -

23 Jan 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-23 01:15

Updated : 2024-03-13 23:15


NVD link : CVE-2024-23218

Mitre link : CVE-2024-23218

CVE.ORG link : CVE-2024-23218


JSON object : View

Products Affected

apple

  • watchos
  • macos
  • tvos
  • ipados
  • iphone_os
CWE
CWE-203

Observable Discrepancy