CVE-2024-23293

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-23293
This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.

4.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://seclists.org/fulldisclosure/2024/Mar/21 Mailing List
http://seclists.org/fulldisclosure/2024/Mar/24 Mailing List
http://seclists.org/fulldisclosure/2024/Mar/25 Mailing List
https://support.apple.com/en-us/HT214081 Vendor Advisory
https://support.apple.com/en-us/HT214084 Vendor Advisory
https://support.apple.com/en-us/HT214086 Vendor Advisory
https://support.apple.com/en-us/HT214088 Vendor Advisory
http://seclists.org/fulldisclosure/2024/Mar/21 Mailing List
http://seclists.org/fulldisclosure/2024/Mar/24 Mailing List
http://seclists.org/fulldisclosure/2024/Mar/25 Mailing List
https://support.apple.com/en-us/HT214081 Vendor Advisory
https://support.apple.com/en-us/HT214084 Vendor Advisory
https://support.apple.com/en-us/HT214086 Vendor Advisory
https://support.apple.com/en-us/HT214088 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
History

09 Dec 2024, 16:19

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2024/Mar/21 - () http://seclists.org/fulldisclosure/2024/Mar/21 - Mailing List
References () http://seclists.org/fulldisclosure/2024/Mar/24 - () http://seclists.org/fulldisclosure/2024/Mar/24 - Mailing List
References () http://seclists.org/fulldisclosure/2024/Mar/25 - () http://seclists.org/fulldisclosure/2024/Mar/25 - Mailing List
References () https://support.apple.com/en-us/HT214081 - () https://support.apple.com/en-us/HT214081 - Vendor Advisory
References () https://support.apple.com/en-us/HT214084 - () https://support.apple.com/en-us/HT214084 - Vendor Advisory
References () https://support.apple.com/en-us/HT214086 - () https://support.apple.com/en-us/HT214086 - Vendor Advisory
References () https://support.apple.com/en-us/HT214088 - () https://support.apple.com/en-us/HT214088 - Vendor Advisory
CPE cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
First Time Apple ipad Os
Apple tvos
Apple watchos
Apple iphone Os
Apple macos
Apple
CWE NVD-CWE-noinfo

22 Nov 2024, 16:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 0.0 		v2 : unknown
v3 : 4.6
References () http://seclists.org/fulldisclosure/2024/Mar/21 - () http://seclists.org/fulldisclosure/2024/Mar/21 -
References () http://seclists.org/fulldisclosure/2024/Mar/24 - () http://seclists.org/fulldisclosure/2024/Mar/24 -
References () http://seclists.org/fulldisclosure/2024/Mar/25 - () http://seclists.org/fulldisclosure/2024/Mar/25 -
References () https://support.apple.com/en-us/HT214081 - () https://support.apple.com/en-us/HT214081 -
References () https://support.apple.com/en-us/HT214084 - () https://support.apple.com/en-us/HT214084 -
References () https://support.apple.com/en-us/HT214086 - () https://support.apple.com/en-us/HT214086 -
References () https://support.apple.com/en-us/HT214088 - () https://support.apple.com/en-us/HT214088 -

27 Oct 2024, 14:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 0.0

13 Mar 2024, 22:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Mar/24 -
  • () http://seclists.org/fulldisclosure/2024/Mar/25 -

13 Mar 2024, 21:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Mar/21 -

08 Mar 2024, 14:02

Type Values Removed Values Added
Summary
  • (es) Esta cuestión se abordó mediante una mejor gestión de estado. Este problema se solucionó en tvOS 17.4, iOS 17.4 y iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. Un atacante con acceso físico puede utilizar Siri para acceder a datos confidenciales del usuario.

08 Mar 2024, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-08 02:15

Updated : 2024-12-09 16:19

NVD link : CVE-2024-23293

Mitre link : CVE-2024-23293

CVE.ORG link : CVE-2024-23293

JSON object : View

Products Affected

apple

  • iphone_os
  • watchos
  • tvos
  • ipad_os
  • macos
CWE
NVD-CWE-noinfo