CVE-2024-23218

A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.
References
Link Resource
http://seclists.org/fulldisclosure/2024/Jan/33 Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/36 Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/39 Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/40 Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/22
http://seclists.org/fulldisclosure/2024/Mar/23
https://support.apple.com/en-us/HT214055 Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214059 Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214060 Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214061 Release Notes Vendor Advisory
https://support.apple.com/kb/HT214082
https://support.apple.com/kb/HT214083
https://support.apple.com/kb/HT214085
Configurations

Configuration 1

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:57

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2024/Jan/33 - Third Party Advisory () http://seclists.org/fulldisclosure/2024/Jan/33 - Third Party Advisory
References () http://seclists.org/fulldisclosure/2024/Jan/36 - Third Party Advisory () http://seclists.org/fulldisclosure/2024/Jan/36 - Third Party Advisory
References () http://seclists.org/fulldisclosure/2024/Jan/39 - Third Party Advisory () http://seclists.org/fulldisclosure/2024/Jan/39 - Third Party Advisory
References () http://seclists.org/fulldisclosure/2024/Jan/40 - Third Party Advisory () http://seclists.org/fulldisclosure/2024/Jan/40 - Third Party Advisory
References () http://seclists.org/fulldisclosure/2024/Mar/22 - () http://seclists.org/fulldisclosure/2024/Mar/22 -
References () http://seclists.org/fulldisclosure/2024/Mar/23 - () http://seclists.org/fulldisclosure/2024/Mar/23 -
References () https://support.apple.com/en-us/HT214055 - Release Notes, Vendor Advisory () https://support.apple.com/en-us/HT214055 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/HT214059 - Release Notes, Vendor Advisory () https://support.apple.com/en-us/HT214059 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/HT214060 - Release Notes, Vendor Advisory () https://support.apple.com/en-us/HT214060 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/HT214061 - Release Notes, Vendor Advisory () https://support.apple.com/en-us/HT214061 - Release Notes, Vendor Advisory
References () https://support.apple.com/kb/HT214082 - () https://support.apple.com/kb/HT214082 -
References () https://support.apple.com/kb/HT214083 - () https://support.apple.com/kb/HT214083 -
References () https://support.apple.com/kb/HT214085 - () https://support.apple.com/kb/HT214085 -

13 Mar 2024, 23:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Mar/23 -

13 Mar 2024, 22:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Mar/22 -

07 Mar 2024, 19:15

Type Values Removed Values Added
References
  • () https://support.apple.com/kb/HT214082 -
  • () https://support.apple.com/kb/HT214083 -
  • () https://support.apple.com/kb/HT214085 -

30 Jan 2024, 17:56

Type Values Removed Values Added
CPE cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
References () https://support.apple.com/en-us/HT214059 - () https://support.apple.com/en-us/HT214059 - Release Notes, Vendor Advisory
References () http://seclists.org/fulldisclosure/2024/Jan/39 - () http://seclists.org/fulldisclosure/2024/Jan/39 - Third Party Advisory
References () http://seclists.org/fulldisclosure/2024/Jan/36 - () http://seclists.org/fulldisclosure/2024/Jan/36 - Third Party Advisory
References () http://seclists.org/fulldisclosure/2024/Jan/33 - () http://seclists.org/fulldisclosure/2024/Jan/33 - Third Party Advisory
References () https://support.apple.com/en-us/HT214061 - () https://support.apple.com/en-us/HT214061 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/HT214055 - () https://support.apple.com/en-us/HT214055 - Release Notes, Vendor Advisory
References () http://seclists.org/fulldisclosure/2024/Jan/40 - () http://seclists.org/fulldisclosure/2024/Jan/40 - Third Party Advisory
References () https://support.apple.com/en-us/HT214060 - () https://support.apple.com/en-us/HT214060 - Release Notes, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.9
First Time Apple iphone Os
Apple watchos
Apple
Apple macos
Apple tvos
Apple ipados
CWE CWE-203

26 Jan 2024, 18:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jan/39 -
  • () http://seclists.org/fulldisclosure/2024/Jan/36 -
  • () http://seclists.org/fulldisclosure/2024/Jan/33 -
  • () http://seclists.org/fulldisclosure/2024/Jan/40 -

23 Jan 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-23 01:15

Updated : 2024-11-21 08:57


NVD link : CVE-2024-23218

Mitre link : CVE-2024-23218

CVE.ORG link : CVE-2024-23218


Products Affected

apple

  • macos
  • ipados
  • tvos
  • iphone_os
  • watchos
CWE
CWE-203

Observable Discrepancy