CVE-2024-23246

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

History

20 Dec 2024, 17:09

Type Values Removed Values Added
First Time Apple ipados
References () http://seclists.org/fulldisclosure/2024/Mar/21 - Mailing List () http://seclists.org/fulldisclosure/2024/Mar/21 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2024/Mar/24 - Mailing List () http://seclists.org/fulldisclosure/2024/Mar/24 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2024/Mar/25 - Mailing List () http://seclists.org/fulldisclosure/2024/Mar/25 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2024/Mar/26 - Mailing List () http://seclists.org/fulldisclosure/2024/Mar/26 - Mailing List, Third Party Advisory
CPE cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

06 Dec 2024, 02:02

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : 8.1
v2 : unknown
v3 : 8.6
CPE cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
First Time Apple watchos
Apple visionos
Apple iphone Os
Apple
Apple ipad Os
Apple tvos
Apple macos
References () http://seclists.org/fulldisclosure/2024/Mar/21 - () http://seclists.org/fulldisclosure/2024/Mar/21 - Mailing List
References () http://seclists.org/fulldisclosure/2024/Mar/24 - () http://seclists.org/fulldisclosure/2024/Mar/24 - Mailing List
References () http://seclists.org/fulldisclosure/2024/Mar/25 - () http://seclists.org/fulldisclosure/2024/Mar/25 - Mailing List
References () http://seclists.org/fulldisclosure/2024/Mar/26 - () http://seclists.org/fulldisclosure/2024/Mar/26 - Mailing List
References () https://support.apple.com/en-us/HT214081 - () https://support.apple.com/en-us/HT214081 - Vendor Advisory
References () https://support.apple.com/en-us/HT214082 - () https://support.apple.com/en-us/HT214082 - Vendor Advisory
References () https://support.apple.com/en-us/HT214084 - () https://support.apple.com/en-us/HT214084 - Vendor Advisory
References () https://support.apple.com/en-us/HT214086 - () https://support.apple.com/en-us/HT214086 - Vendor Advisory
References () https://support.apple.com/en-us/HT214087 - () https://support.apple.com/en-us/HT214087 - Vendor Advisory
References () https://support.apple.com/en-us/HT214088 - () https://support.apple.com/en-us/HT214088 - Vendor Advisory

21 Nov 2024, 08:57

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2024/Mar/21 - () http://seclists.org/fulldisclosure/2024/Mar/21 -
References () http://seclists.org/fulldisclosure/2024/Mar/24 - () http://seclists.org/fulldisclosure/2024/Mar/24 -
References () http://seclists.org/fulldisclosure/2024/Mar/25 - () http://seclists.org/fulldisclosure/2024/Mar/25 -
References () http://seclists.org/fulldisclosure/2024/Mar/26 - () http://seclists.org/fulldisclosure/2024/Mar/26 -
References () https://support.apple.com/en-us/HT214081 - () https://support.apple.com/en-us/HT214081 -
References () https://support.apple.com/en-us/HT214082 - () https://support.apple.com/en-us/HT214082 -
References () https://support.apple.com/en-us/HT214084 - () https://support.apple.com/en-us/HT214084 -
References () https://support.apple.com/en-us/HT214086 - () https://support.apple.com/en-us/HT214086 -
References () https://support.apple.com/en-us/HT214087 - () https://support.apple.com/en-us/HT214087 -
References () https://support.apple.com/en-us/HT214088 - () https://support.apple.com/en-us/HT214088 -

03 Jul 2024, 01:47

Type Values Removed Values Added
CWE CWE-20
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.1

13 Mar 2024, 23:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Mar/25 -
  • () http://seclists.org/fulldisclosure/2024/Mar/26 -
  • () http://seclists.org/fulldisclosure/2024/Mar/24 -

13 Mar 2024, 21:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Mar/21 -

08 Mar 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-08 02:15

Updated : 2024-12-20 17:09


NVD link : CVE-2024-23246

Mitre link : CVE-2024-23246

CVE.ORG link : CVE-2024-23246


JSON object : View

Products Affected

apple

  • iphone_os
  • visionos
  • ipados
  • macos
  • tvos
  • watchos
CWE
NVD-CWE-noinfo CWE-20

Improper Input Validation