CVE-2024-23218

A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2024/Jan/33	Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/36	Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/39	Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/40	Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/22
http://seclists.org/fulldisclosure/2024/Mar/23
https://support.apple.com/en-us/HT214055	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214059	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214060	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214061	Release Notes Vendor Advisory
https://support.apple.com/kb/HT214082
https://support.apple.com/kb/HT214083
https://support.apple.com/kb/HT214085

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

13 Mar 2024, 23:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Mar/23 -

13 Mar 2024, 22:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Mar/22 -

07 Mar 2024, 19:15

Type	Values Removed	Values Added
References		() https://support.apple.com/kb/HT214082 - () https://support.apple.com/kb/HT214083 - () https://support.apple.com/kb/HT214085 -

30 Jan 2024, 17:56

Type	Values Removed	Values Added
CPE		cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:watchos:::::::: cpe:2.3:o:apple:tvos::::::::
CWE		CWE-203
First Time		Apple iphone Os Apple watchos Apple Apple macos Apple tvos Apple ipados
References	~~() https://support.apple.com/en-us/HT214059 -~~	() https://support.apple.com/en-us/HT214059 - Release Notes, Vendor Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/39 -~~	() http://seclists.org/fulldisclosure/2024/Jan/39 - Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/36 -~~	() http://seclists.org/fulldisclosure/2024/Jan/36 - Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/33 -~~	() http://seclists.org/fulldisclosure/2024/Jan/33 - Third Party Advisory
References	~~() https://support.apple.com/en-us/HT214061 -~~	() https://support.apple.com/en-us/HT214061 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214055 -~~	() https://support.apple.com/en-us/HT214055 - Release Notes, Vendor Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/40 -~~	() http://seclists.org/fulldisclosure/2024/Jan/40 - Third Party Advisory
References	~~() https://support.apple.com/en-us/HT214060 -~~	() https://support.apple.com/en-us/HT214060 - Release Notes, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.9

26 Jan 2024, 18:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Jan/39 - () http://seclists.org/fulldisclosure/2024/Jan/36 - () http://seclists.org/fulldisclosure/2024/Jan/33 - () http://seclists.org/fulldisclosure/2024/Jan/40 -

23 Jan 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-23 01:15

Updated : 2024-03-13 23:15

NVD link : CVE-2024-23218

Mitre link : CVE-2024-23218

CVE.ORG link : CVE-2024-23218

JSON object : View

Products Affected

apple

watchos
ipados
tvos
iphone_os
macos

CWE

CWE-203

Observable Discrepancy

5.9 /10