Lucene search

K

AppleVULNRICHMENT:CVE-2024-23284

HistoryMar 08, 2024 - 1:35 a.m.

CVE-2024-23284

2024-03-0801:35:43

apple

github.com

2

logic issue

state management

tvos

macos

visionos

ios

ipados

watchos

maliciously crafted web content

content security policy

AI Score

5.7

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

References

seclists.org/fulldisclosure/2024/Mar/20

seclists.org/fulldisclosure/2024/Mar/21

seclists.org/fulldisclosure/2024/Mar/24

seclists.org/fulldisclosure/2024/Mar/25

seclists.org/fulldisclosure/2024/Mar/26

www.openwall.com/lists/oss-security/2024/03/26/1

lists.fedoraproject.org/archives/list/[email protected]/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/

lists.fedoraproject.org/archives/list/[email protected]/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/

lists.fedoraproject.org/archives/list/[email protected]/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/

lists.fedoraproject.org/archives/list/[email protected]/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/

support.apple.com/en-us/HT214081

support.apple.com/en-us/HT214082

support.apple.com/en-us/HT214084

support.apple.com/en-us/HT214086

support.apple.com/en-us/HT214087

support.apple.com/en-us/HT214088

support.apple.com/en-us/HT214089

AI Score

5.7

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

Related for VULNRICHMENT:CVE-2024-23284

debiancve1 osv5 prion1 cve1 nvd1 ubuntucve1 redhatcve1 cvelist1 openvas13 fedora4 amazon1 nessus15 apple7 ubuntu1 debian1 gentoo1 mageia1