Lucene search

[email protected]NVD:CVE-2024-23278

HistoryMar 08, 2024 - 2:15 a.m.

CVE-2024-23278

2024-03-0802:15:49

CWE-94

[email protected]

web.nvd.nist.gov

macos ventura

macos sonoma

ios 17.4

ipados 17.4

watchos 10.4

ios 16.7.6

ipados 16.7.6

tvos 17.4

sandbox breakout

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

Percentile

13.0%

JSON

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.

References

seclists.org/fulldisclosure/2024/Mar/21

seclists.org/fulldisclosure/2024/Mar/22

seclists.org/fulldisclosure/2024/Mar/24

seclists.org/fulldisclosure/2024/Mar/25

support.apple.com/en-us/HT214081

support.apple.com/en-us/HT214082

support.apple.com/en-us/HT214084

support.apple.com/en-us/HT214085

support.apple.com/en-us/HT214086

support.apple.com/en-us/HT214088

support.apple.com/kb/HT214085

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

Percentile

13.0%

JSON

Related for NVD:CVE-2024-23278

prion1 cve1 vulnrichment1 cvelist1 apple6 openvas2 nessus2