Lucene search

K
cvelistAppleCVELIST:CVE-2024-23245
HistoryMar 08, 2024 - 1:36 a.m.

CVE-2024-23245

2024-03-0801:36:01
apple
www.cve.org
cve-2024-23245
third-party shortcuts
legacy action
automator
user consent
macos sonoma 14.4
macos monterey 12.7.4
macos ventura 13.6.5

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Third-party shortcuts may use a legacy action from Automator to send events to apps without user consent.

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "12.7",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "13.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "14.4",
        "versionType": "custom"
      }
    ]
  }
]

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

Related for CVELIST:CVE-2024-23245