{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23235", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2024-01-12T22:22:21.480Z", "datePublished": "2024-03-08T01:36:04.430Z", "dateUpdated": "2024-08-01T22:59:31.970Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to access user-sensitive data"}]}], "affected": [{"vendor": "Apple", "product": "visionOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "1.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "16.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "14.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "10.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data."}], "references": [{"url": "https://support.apple.com/en-us/HT214087"}, {"url": "https://support.apple.com/en-us/HT214086"}, {"url": "https://support.apple.com/en-us/HT214081"}, {"url": "https://support.apple.com/en-us/HT214082"}, {"url": "https://support.apple.com/en-us/HT214084"}, {"url": "https://support.apple.com/en-us/HT214088"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/21"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/25"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/24"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/26"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-03-08T01:36:04.430Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "affected": [{"vendor": "apple", "product": "visionos", "cpes": ["cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.1", "versionType": "custom"}]}, {"vendor": "apple", "product": "tvos", "cpes": ["cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "17.4", "versionType": "custom"}]}, {"vendor": "apple", "product": "macos", "cpes": ["cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "14.0", "status": "affected", "lessThan": "14.4", "versionType": "custom"}]}, {"vendor": "apple", "product": "watchos", "cpes": ["cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "10.4", "versionType": "custom"}]}, {"vendor": "apple", "product": "ios", "cpes": ["cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "17.4", "versionType": "custom"}]}, {"vendor": "apple", "product": "ipad_os", "cpes": ["cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "17.4", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-11T16:21:14.723503Z", "id": "CVE-2024-23235", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T18:12:37.705Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:31.970Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214087", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214086", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214081", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214082", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214084", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214088", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/21", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/25", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/24", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/26", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214087", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214086", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214081", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214082", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214084", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214088", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/21", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/25", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/24", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/26", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:31.970Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-23235", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-11T16:21:14.723503Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*"], "vendor": "apple", "product": "visionos", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"], "vendor": "apple", "product": "tvos", "versions": [{"status": "affected", "version": "0", "lessThan": "17.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"], "vendor": "apple", "product": "macos", "versions": [{"status": "affected", "version": "14.0", "lessThan": "14.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"], "vendor": "apple", "product": "watchos", "versions": [{"status": "affected", "version": "0", "lessThan": "10.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*"], "vendor": "apple", "product": "ios", "versions": [{"status": "affected", "version": "0", "lessThan": "17.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*"], "vendor": "apple", "product": "ipad_os", "versions": [{"status": "affected", "version": "0", "lessThan": "17.4", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T15:23:06.861Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "visionOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "16.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "10.4", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT214087"}, {"url": "https://support.apple.com/en-us/HT214086"}, {"url": "https://support.apple.com/en-us/HT214081"}, {"url": "https://support.apple.com/en-us/HT214082"}, {"url": "https://support.apple.com/en-us/HT214084"}, {"url": "https://support.apple.com/en-us/HT214088"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/21"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/25"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/24"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/26"}], "descriptions": [{"lang": "en", "value": "A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to access user-sensitive data"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-03-08T01:36:04.430Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23235", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:59:31.970Z", "dateReserved": "2024-01-12T22:22:21.480Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2024-03-08T01:36:04.430Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "9277B3E8-4519-4E07-A89A-A08C604AB78C", "versionEndExcluding": "16.7.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CB78D53-5EC0-45E5-871B-0C18F1E6D438", "versionEndExcluding": "17.4", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AF8B925-3DE5-4CC8-A4C3-95D8F107D607", "versionEndExcluding": "16.7.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2FE8515-300C-4B6F-92A0-7D1E6D93F907", "versionEndExcluding": "17.4", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB6BA6CB-001B-4440-A9AE-473F5722F8E0", "versionEndExcluding": "17.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", "versionEndExcluding": "1.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5547F484-4E4B-4961-BAF8-F891D50BB4B6", "versionEndExcluding": "10.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data."}, {"lang": "es", "value": "Se abord\u00f3 una condici\u00f3n de ejecuci\u00f3n con validaci\u00f3n adicional. Este problema se solucion\u00f3 en macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7.6, tvOS 17.4. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."}], "id": "CVE-2024-23235", "lastModified": "2024-12-20T17:08:50.517", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-08T02:15:47.970", "references": [{"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/21"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/24"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/25"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/26"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214081"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214082"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214084"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214086"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214087"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214088"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214082"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214084"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214086"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214087"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214088"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}