Lucene search

AppleCVE-2024-23295

HistoryMar 08, 2024 - 2:15 a.m.

CVE-2024-23295

2024-03-0802:15:50

apple

web.nvd.nist.gov

permissions issue

visionos 1.1

persona protection

unauthenticated access

AI Score

7.1

Confidence

High

EPSS

Percentile

9.0%

JSON

A permissions issue was addressed to help ensure Personas are always protected This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona.

Affected configurations

Vulners

Node

applevisionosRange<1.1

VendorProductVersionCPE
applevisionos*cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	visionos	*	cpe:2.3:o:apple:visionos::::::::

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "visionOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "1.1",
        "versionType": "custom"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2024/Mar/26

support.apple.com/en-us/HT214087