Lucene search

[email protected]NVD:CVE-2024-23254

HistoryMar 08, 2024 - 2:15 a.m.

CVE-2024-23254

2024-03-0802:15:48

[email protected]

web.nvd.nist.gov

cve-2024-23254

cross-origin audio exfiltration

tvos 17.4

macos sonoma 14.4

visionos 1.1

ios 17.4

ipados 17.4

watchos 10.4

safari 17.4

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

JSON

The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.

References

seclists.org/fulldisclosure/2024/Mar/20

seclists.org/fulldisclosure/2024/Mar/21

seclists.org/fulldisclosure/2024/Mar/24

seclists.org/fulldisclosure/2024/Mar/25

seclists.org/fulldisclosure/2024/Mar/26

www.openwall.com/lists/oss-security/2024/03/26/1

lists.fedoraproject.org/archives/list/[email protected]/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/

support.apple.com/en-us/HT214081

support.apple.com/en-us/HT214084

support.apple.com/en-us/HT214086

support.apple.com/en-us/HT214087

support.apple.com/en-us/HT214088

support.apple.com/en-us/HT214089