CVE-2024-23211

A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2024/Jan/27	Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/33	Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/34	Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/36	Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/39	Third Party Advisory
https://support.apple.com/en-us/HT214056	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214059	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214060	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214061	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214063	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

26 Feb 2024, 18:24

Type	Values Removed	Values Added
CPE	cpe:2.3:o:apple:safari::::::::	cpe:2.3:a:apple:safari::::::::

30 Jan 2024, 17:07

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 3.3
References	~~() http://seclists.org/fulldisclosure/2024/Jan/27 -~~	() http://seclists.org/fulldisclosure/2024/Jan/27 - Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/33 -~~	() http://seclists.org/fulldisclosure/2024/Jan/33 - Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/34 -~~	() http://seclists.org/fulldisclosure/2024/Jan/34 - Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/36 -~~	() http://seclists.org/fulldisclosure/2024/Jan/36 - Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/39 -~~	() http://seclists.org/fulldisclosure/2024/Jan/39 - Third Party Advisory
References	~~() https://support.apple.com/en-us/HT214056 -~~	() https://support.apple.com/en-us/HT214056 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214059 -~~	() https://support.apple.com/en-us/HT214059 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214060 -~~	() https://support.apple.com/en-us/HT214060 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214061 -~~	() https://support.apple.com/en-us/HT214061 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214063 -~~	() https://support.apple.com/en-us/HT214063 - Release Notes, Vendor Advisory
CPE		cpe:2.3:o:apple:safari:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:watchos:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:ipados::::::::
First Time		Apple safari Apple ipados Apple macos Apple Apple iphone Os Apple watchos

26 Jan 2024, 18:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Jan/39 -

26 Jan 2024, 17:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Jan/33 - () http://seclists.org/fulldisclosure/2024/Jan/34 - () http://seclists.org/fulldisclosure/2024/Jan/36 -

26 Jan 2024, 16:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Jan/27 -

23 Jan 2024, 13:44

Type	Values Removed	Values Added
Summary		(es) Se solucionó un problema de privacidad mejorando el manejo de las preferencias del usuario. Este problema se solucionó en watchOS 10.3, iOS 17.3 y iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 y iPadOS 16.7.5, Safari 17.3. La actividad de navegación privada de un usuario puede ser visible en Configuración.

23 Jan 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-23 01:15

Updated : 2024-02-26 18:24

NVD link : CVE-2024-23211

Mitre link : CVE-2024-23211

CVE.ORG link : CVE-2024-23211

JSON object : View

Products Affected

apple

iphone_os
safari
ipados
watchos
macos

CWE

NVD-CWE-noinfo

3.3 /10