CVE-2024-23271

2024-04-2416:43:43

apple

github.com

logic issue

improved checks

ios 17.3

ipados 17.3

safari 17.3

tvos 17.3

macos sonoma 14.3

watchos 10.3

malicious website

cross-origin behavior

5.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.1%

JSON

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "iOS and iPadOS",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified",
        "lessThan": "17.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "tvOS",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified",
        "lessThan": "17.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "Safari",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified",
        "lessThan": "17.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "watchOS",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified",
        "lessThan": "10.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified",
        "lessThan": "14.3",
        "versionType": "custom"
      }
    ]
  }
]